Windows Analysis Report
grass.exe

Overview

General Information

Sample name: grass.exe
Analysis ID: 1559571
MD5: bde4b588168e995961f49b6cb7576594
SHA1: 1a28c66e77e4a7cea5b2e49d116dd20d3d046120
SHA256: bedf5dc3e40558fcffb4eee7d9efc20db06a1f77433e0c46d247dd4f2640e6f0

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Contains functionality to infect the boot sector
Found pyInstaller with non standard icon
Machine Learning detection for sample
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • grass.exe (PID: 7552 cmdline: "C:\Users\user\Desktop\grass.exe" MD5: BDE4B588168E995961F49B6CB7576594)
    • conhost.exe (PID: 7560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • grass.exe (PID: 7664 cmdline: "C:\Users\user\Desktop\grass.exe" MD5: BDE4B588168E995961F49B6CB7576594)
      • cmd.exe (PID: 7700 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: grass.exe, Joe Sandbox ML: detected
Source: grass.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: grass.exe, 00000000.00000003.1379612810.0000016256B89000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2630398487.00007FFB0BC0C000.00000002.00000001.01000000.00000015.sdmp, unicodedata.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb## source: grass.exe, 00000003.00000002.2629916648.00007FFB0B9A9000.00000002.00000001.01000000.0000001E.sdmp, _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbMM source: grass.exe, 00000000.00000003.1372479234.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2631883352.00007FFB0CB0B000.00000002.00000001.01000000.00000012.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: grass.exe, 00000003.00000002.2629916648.00007FFB0B9A9000.00000002.00000001.01000000.0000001E.sdmp, _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: grass.exe, 00000003.00000002.2630637059.00007FFB0BC96000.00000002.00000001.01000000.0000000D.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: grass.exe, 00000003.00000002.2630991307.00007FFB0BF20000.00000002.00000001.01000000.0000000C.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: grass.exe, 00000000.00000003.1372714595.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2632986985.00007FFB1D5B5000.00000002.00000001.01000000.00000010.sdmp, _overlapped.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: grass.exe, 00000000.00000003.1372633631.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-1_1.pdb source: grass.exe, 00000003.00000002.2630991307.00007FFB0BFA2000.00000002.00000001.01000000.0000000C.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: grass.exe, 00000003.00000002.2630637059.00007FFB0BC96000.00000002.00000001.01000000.0000000D.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: grass.exe, 00000000.00000003.1379416969.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2633159238.00007FFB1E3A3000.00000002.00000001.01000000.00000009.sdmp, select.pyd.0.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1t 7 Feb 2023built on: Thu Feb 9 15:27:40 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: grass.exe, 00000003.00000002.2630991307.00007FFB0BF20000.00000002.00000001.01000000.0000000C.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: grass.exe, 00000000.00000003.1370943889.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2633244818.00007FFB1E3C1000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: grass.exe, 00000003.00000002.2632725904.00007FFB1C260000.00000002.00000001.01000000.00000006.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: grass.exe, 00000000.00000003.1372329360.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2632254758.00007FFB1BA46000.00000002.00000001.01000000.00000014.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_uuid.pdb source: grass.exe, 00000000.00000003.1373137867.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2633075890.00007FFB1D892000.00000002.00000001.01000000.0000000E.sdmp, _uuid.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: grass.exe, 00000000.00000003.1371125051.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2632427176.00007FFB1BA87000.00000002.00000001.01000000.0000000F.sdmp, _asyncio.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python310.pdb source: grass.exe, 00000003.00000002.2631382922.00007FFB0C36F000.00000002.00000001.01000000.00000004.sdmp, python310.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: pyexpat.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: grass.exe, 00000000.00000003.1372801356.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, _queue.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: grass.exe, 00000000.00000003.1372479234.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2631883352.00007FFB0CB0B000.00000002.00000001.01000000.00000012.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: grass.exe, 00000000.00000003.1371651052.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2632341708.00007FFB1BA6D000.00000002.00000001.01000000.00000011.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: grass.exe, 00000000.00000003.1372878642.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2632640023.00007FFB1BAD8000.00000002.00000001.01000000.00000008.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: grass.exe, 00000003.00000002.2632515183.00007FFB1BAAD000.00000002.00000001.01000000.0000000B.sdmp, _ssl.pyd.0.dr
Source: C:\Users\user\Desktop\grass.exe Code function: 0_2_00007FF69E1987E0 FindFirstFileExW,FindClose,0_2_00007FF69E1987E0
Source: C:\Users\user\Desktop\grass.exe Code function: 0_2_00007FF69E197820 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF69E197820
Source: C:\Users\user\Desktop\grass.exe Code function: 0_2_00007FF69E1B2A84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF69E1B2A84
Source: C:\Users\user\Desktop\grass.exe Code function: 3_2_00007FF69E1987E0 FindFirstFileExW,FindClose,3_2_00007FF69E1987E0
Source: C:\Users\user\Desktop\grass.exe Code function: 3_2_00007FF69E197820 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,3_2_00007FF69E197820
Source: C:\Users\user\Desktop\grass.exe Code function: 3_2_00007FF69E1B2A84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_00007FF69E1B2A84
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\grass.exe Code function: 3_2_61D63550 htons,inet_ntoa,recv,recvfrom,3_2_61D63550
Source: global traffic DNS traffic detected: DNS query: time.windows.com
Source: grass.exe, 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp, _brotli.cp310-win_amd64.pyd.0.dr String found in binary or memory: http://.css
Source: grass.exe, 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp, _brotli.cp310-win_amd64.pyd.0.dr String found in binary or memory: http://.jpg
Source: grass.exe, 00000000.00000003.1372329360.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.co
Source: grass.exe, 00000000.00000003.1376523848.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: grass.exe, select.pyd.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: grass.exe, 00000000.00000003.1376523848.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: grass.exe, select.pyd.0.dr, _uuid.pyd.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: grass.exe, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: grass.exe, select.pyd.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: grass.exe, 00000000.00000003.1376523848.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: grass.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: grass.exe, 00000000.00000003.1376523848.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: grass.exe, select.pyd.0.dr, _uuid.pyd.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: grass.exe, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: _overlapped.pyd.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: grass.exe, 00000000.00000003.1376523848.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: grass.exe, 00000000.00000003.1376523848.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: grass.exe, select.pyd.0.dr, _uuid.pyd.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: grass.exe, 00000000.00000003.1376523848.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: grass.exe, 00000003.00000002.2628633488.00000248F28A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
Source: grass.exe, 00000003.00000002.2628541987.00000248F26A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
Source: grass.exe, 00000003.00000002.2627913587.00000248F1A4C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate
Source: grass.exe, 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp, _brotli.cp310-win_amd64.pyd.0.dr String found in binary or memory: http://html4/loose.dtd
Source: grass.exe, 00000003.00000003.1394207526.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://httpbin.org/post
Source: grass.exe, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.dr, _multiprocessing.pyd.0.dr, _hashlib.pyd.0.dr, python310.dll.0.dr, libssl-1_1.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0
Source: grass.exe, select.pyd.0.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: grass.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: grass.exe, 00000000.00000003.1376523848.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: grass.exe, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: grass.exe, 00000000.00000003.1376523848.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.dr String found in binary or memory: http://ocsp.thawte.com0
Source: grass.exe, 00000003.00000002.2628273752.00000248F23A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://python.org
Source: grass.exe, 00000003.00000002.2628108784.00000248F21A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://python.org/
Source: grass.exe, 00000003.00000002.2628273752.00000248F23A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://python.org:80
Source: grass.exe, 00000000.00000003.1376523848.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: grass.exe, 00000000.00000003.1376523848.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: grass.exe, 00000000.00000003.1376523848.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: grass.exe, 00000000.00000003.1372479234.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1375786171.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1372633631.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1372714595.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1371651052.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1379416969.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1378325481.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1372106670.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1371876072.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1372329360.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1376661483.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1375786171.0000016256B8D000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1372801356.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1373137867.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1372998674.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1371125051.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1377710073.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1379612810.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1372878642.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: grass.exe, 00000003.00000002.2628346347.00000248F24AE000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394207526.00000248F24B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: grass.exe, 00000003.00000003.1394207526.00000248F24A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
Source: grass.exe, 00000003.00000003.1394207526.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://127.0.0.1:8443
Source: grass.exe, 00000003.00000002.2628273752.00000248F23A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.getgrass.io/login
Source: grass.exe, 00000003.00000002.2628108784.00000248F222D000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628778138.00000248F2B00000.00000004.00001000.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394207526.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue37179
Source: grass.exe, 00000003.00000003.1394207526.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2
Source: grass.exe, 00000003.00000002.2628778138.00000248F2B00000.00000004.00001000.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394207526.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.aiohttp.org/en/stable/client_advanced.html#proxy-support
Source: grass.exe, 00000000.00000003.1374806302.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374716120.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374548986.0000016256B88000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374895066.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-profile/customizi
Source: grass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394126354.00000248F2DDA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/glossary.html#term-coroutine-function
Source: grass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394126354.00000248F2DDA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/glossary.html#term-file-object
Source: grass.exe, 00000003.00000003.1394207526.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1391979573.00000248F2623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/howto/mro.html
Source: grass.exe, 00000003.00000002.2628778138.00000248F2B5C000.00000004.00001000.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394207526.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/asyncio-eventloop.html
Source: grass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394126354.00000248F2DDA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/functions.html#callable
Source: grass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383179962.00000248F00DD000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627913587.00000248F19C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: grass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383179962.00000248F00DD000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627913587.00000248F1A4C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: grass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383179962.00000248F00DD000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627913587.00000248F19C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: grass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383179962.00000248F00DD000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627913587.00000248F1A4C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: grass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627913587.00000248F1A4C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: grass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627913587.00000248F1A4C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: grass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627913587.00000248F19C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: grass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627913587.00000248F1A4C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: grass.exe, 00000003.00000002.2627789352.00000248F0108000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383179962.00000248F00DD000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388498007.00000248F0109000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383179962.00000248F012C000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388628958.00000248F012C000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388989417.00000248F012C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: grass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394126354.00000248F2DDA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/multiprocessing.html#contexts-and-start-methods
Source: grass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394126354.00000248F2DDA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/re.html#re-objects
Source: grass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394126354.00000248F2DDA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/string.html#format-string-syntax
Source: grass.exe, 00000000.00000003.1374806302.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374716120.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374548986.0000016256B88000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374895066.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://filepreviews.io/
Source: grass.exe, 00000003.00000002.2628108784.00000248F222D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.co
Source: grass.exe, 00000003.00000002.2628706141.00000248F29C0000.00000004.00001000.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2629146363.00000248F3104000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com
Source: grass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394126354.00000248F2DDA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Qix-
Source: grass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394126354.00000248F2DDA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Qix-/better-exceptions
Source: grass.exe, 00000003.00000002.2627789352.00000248F0108000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388498007.00000248F0109000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627789352.00000248F008F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383179962.00000248F012C000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388628958.00000248F012C000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388989417.00000248F012C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: grass.exe, 00000003.00000002.2628778138.00000248F2B00000.00000004.00001000.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394207526.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/aio-libs/aiohttp/discussions/6044
Source: grass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394126354.00000248F2DDA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/erezinman
Source: grass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394126354.00000248F2DDA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/erezinman/loguru-config
Source: grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python-attrs/attrs
Source: grass.exe, 00000000.00000003.1374548986.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374686499.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python-attrs/attrs)
Source: grass.exe, 00000000.00000003.1374548986.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374686499.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python-attrs/attrs/blob/main/.github/CONTRIBUTING.md)
Source: grass.exe, 00000000.00000003.1374548986.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374686499.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python-attrs/attrs/issues/1328)
Source: grass.exe, 00000000.00000003.1374548986.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374686499.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python-attrs/attrs/issues/1329)
Source: grass.exe, 00000000.00000003.1374548986.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374686499.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python-attrs/attrs/issues/1330)
Source: grass.exe, 00000003.00000003.1394207526.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1391979573.00000248F2623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/136
Source: grass.exe, 00000003.00000003.1394207526.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/251
Source: grass.exe, 00000003.00000003.1394207526.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1391979573.00000248F2623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/428
Source: grass.exe, 00000000.00000003.1374548986.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374686499.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python-attrs/attrs/wiki/Extensions-to-attrs)
Source: grass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627913587.00000248F1A4C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: grass.exe, 00000003.00000003.1388989417.00000248F012C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: grass.exe, 00000003.00000002.2627789352.00000248F0108000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388498007.00000248F0109000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627789352.00000248F008F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383179962.00000248F012C000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388628958.00000248F012C000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388989417.00000248F012C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: grass.exe, 00000003.00000002.2628778138.00000248F2B00000.00000004.00001000.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394207526.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/pull/28073
Source: grass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394126354.00000248F2DDA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/sdispater
Source: METADATA.0.drString found in binary or memory: https://github.com/sponsors/hynek
Source: grass.exe, 00000000.00000003.1374806302.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374716120.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374548986.0000016256B88000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374895066.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/sponsors/hynek).
Source: grass.exe, 00000003.00000002.2627789352.00000248F0108000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388498007.00000248F0109000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627789352.00000248F008F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383179962.00000248F012C000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388628958.00000248F012C000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388989417.00000248F012C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: grass.exe, 00000000.00000003.1374548986.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374686499.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://hynek.me/articles/import-attrs/)
Source: grass.exe, 00000003.00000002.2628346347.00000248F24F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
Source: grass.exe, 00000000.00000003.1374806302.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374716120.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374548986.0000016256B88000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374895066.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://klaviyo.com/
Source: grass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: grass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394126354.00000248F2DDA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pendulum.eustace.io/docs/#tokens
Source: grass.exe, 00000000.00000003.1374548986.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374686499.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://peps.python.org/pep-0649/)
Source: grass.exe, 00000000.00000003.1374548986.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374686499.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://peps.python.org/pep-0749/)-implementing
Source: grass.exe, 00000000.00000003.1374548986.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374686499.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/attrs/)
Source: grass.exe, 00000003.00000002.2631382922.00007FFB0C36F000.00000002.00000001.01000000.00000004.sdmp, python310.dll.0.drString found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: grass.exe, 00000000.00000003.1374806302.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374716120.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374548986.0000016256B88000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374895066.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://raw.githubusercontent.com/python-attrs/attrs/main/docs/_static/attrs_logo.svg
Source: grass.exe, 00000000.00000003.1374548986.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374686499.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://stackoverflow.com/questions/tagged/python-attrs)
Source: grass.exe, 00000003.00000002.2629131467.00000248F2E35000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628866343.00000248F2D3F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F24AE000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394207526.00000248F24B0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2629146363.00000248F3030000.00000004.00001000.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627789352.00000248F008F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/Vpooopooo
Source: grass.exe, 00000003.00000002.2629131467.00000248F2E35000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628866343.00000248F2D3F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F24AE000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394207526.00000248F24B0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2629146363.00000248F3030000.00000004.00001000.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627789352.00000248F008F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/inanitynoupcase
Source: grass.exe, 00000003.00000002.2629131467.00000248F2E35000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628866343.00000248F2D3F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F24AE000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394207526.00000248F24B0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2629146363.00000248F3030000.00000004.00001000.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627789352.00000248F008F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/wibuairdrop142
Source: grass.exe, 00000000.00000003.1374806302.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374716120.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374548986.0000016256B88000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374895066.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://tidelift.com/?utm_source=lifter&utm_medium=referral&utm_campaign=hynek
Source: grass.exe, 00000000.00000003.1374548986.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374686499.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://tidelift.com/?utm_source=lifter&utm_medium=referral&utm_campaign=hynek).
Source: grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi
Source: METADATA.0.drString found in binary or memory: https://www.attrs.org/
Source: grass.exe, 00000000.00000003.1374548986.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374686499.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://www.attrs.org/)
Source: C:\Users\user\Desktop\grass.exe Code function: 3_2_61CD3CF0 WSAStartup,gethostbyname,socket,setsockopt,setsockopt,setsockopt,htons,sendto,sendto,recvfrom,recvfrom,ntohl,ntohl,ntohl,closesocket,WSACleanup,WSAGetLastError,closesocket,WSACleanup,SetLastError,WSAGetLastError,WSACleanup,SetLastError
Source: C:\Users\user\Desktop\grass.exe Code function: 3_2_61CD2B30: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _overlapped.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: pyarmor_runtime.pyd.0.dr Static PE information: Number of sections : 11 > 10
Source: grass.exe, 00000000.00000003.1372479234.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs grass.exe
Source: grass.exe, 00000000.00000003.1372633631.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_multiprocessing.pyd. vs grass.exe
Source: grass.exe, 00000000.00000003.1372714595.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_overlapped.pyd. vs grass.exe
Source: grass.exe, 00000000.00000003.1371651052.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs grass.exe
Source: grass.exe, 00000000.00000003.1379416969.0000016256B81000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs grass.exe
Source: grass.exe, 00000000.00000003.1379612810.0000016256B89000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs grass.exe
Source: grass.exe, 00000000.00000003.1372106670.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs grass.exe
Source: grass.exe, 00000000.00000003.1371876072.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs grass.exe
Source: grass.exe, 00000000.00000003.1372329360.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs grass.exe
Source: grass.exe, 00000000.00000003.1376661483.0000016256B81000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibsslH vs grass.exe
Source: grass.exe, 00000000.00000003.1372801356.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs grass.exe
Source: grass.exe, 00000000.00000003.1373137867.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_uuid.pyd. vs grass.exe
Source: grass.exe, 00000000.00000003.1372998674.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs grass.exe
Source: grass.exe, 00000000.00000003.1370943889.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs grass.exe
Source: grass.exe, 00000000.00000003.1371125051.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs grass.exe
Source: grass.exe, 00000000.00000003.1377710073.0000016256B81000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs grass.exe
Source: grass.exe, 00000000.00000003.1372878642.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs grass.exe
Source: grass.exe Binary or memory string: OriginalFilename vs grass.exe
Source: grass.exe, 00000003.00000002.2631741021.00007FFB0C478000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenamepython310.dll. vs grass.exe
Source: grass.exe, 00000003.00000002.2632377822.00007FFB1BA72000.00000002.00000001.01000000.00000011.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs grass.exe
Source: grass.exe, 00000003.00000002.2633024550.00007FFB1D5BA000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: OriginalFilename_overlapped.pyd. vs grass.exe
Source: grass.exe, 00000003.00000002.2631940607.00007FFB0CB14000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs grass.exe
Source: grass.exe, 00000003.00000002.2632759723.00007FFB1C26D000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs grass.exe
Source: grass.exe, 00000003.00000002.2632462181.00007FFB1BA8E000.00000002.00000001.01000000.0000000F.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs grass.exe
Source: grass.exe, 00000003.00000002.2632672937.00007FFB1BAE2000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs grass.exe
Source: grass.exe, 00000003.00000002.2633108295.00007FFB1D894000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: OriginalFilename_uuid.pyd. vs grass.exe
Source: grass.exe, 00000003.00000002.2633277113.00007FFB1E3C7000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs grass.exe
Source: grass.exe, 00000003.00000002.2633191489.00007FFB1E3A6000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs grass.exe
Source: grass.exe, 00000003.00000002.2630546609.00007FFB0BC11000.00000002.00000001.01000000.00000015.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs grass.exe
Source: grass.exe, 00000003.00000002.2632288414.00007FFB1BA4E000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs grass.exe
Source: grass.exe, 00000003.00000002.2630020492.00007FFB0B9BA000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs grass.exe
Source: grass.exe, 00000003.00000002.2632591293.00007FFB1BAC5000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs grass.exe
Source: grass.exe, 00000003.00000002.2630678270.00007FFB0BCCB000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilenamelibsslH vs grass.exe
Source: grass.exe, 00000003.00000002.2631138306.00007FFB0C019000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs grass.exe
Source: classification engine Classification label: mal52.winEXE@6/36@1/1
Source: C:\Users\user\Desktop\grass.exe Code function: 3_2_61CD27E0 GetLastError,FormatMessageA,LocalFree
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7560:120:WilError_03
Source: C:\Users\user\Desktop\grass.exe File created: C:\Users\user~1\AppData\Local\Temp\_MEI75522
Source: grass.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\grass.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\grass.exe File read: C:\Users\user\Desktop\grass.exe
Source: unknown Process created: C:\Users\user\Desktop\grass.exe "C:\Users\user\Desktop\grass.exe"
Source: C:\Users\user\Desktop\grass.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\grass.exe Process created: C:\Users\user\Desktop\grass.exe "C:\Users\user\Desktop\grass.exe"
Source: C:\Users\user\Desktop\grass.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\grass.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\grass.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\grass.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\grass.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\grass.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\grass.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\grass.exe Section loaded: python3.dll
Source: C:\Users\user\Desktop\grass.exe Section loaded: libffi-7.dll
Source: C:\Users\user\Desktop\grass.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\grass.exe Section loaded: libcrypto-1_1.dll
Source: C:\Users\user\Desktop\grass.exe Section loaded: libssl-1_1.dll
Source: C:\Users\user\Desktop\grass.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\grass.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\grass.exe File opened: C:\Users\user\Desktop\pyvenv.cfg
Source: grass.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: grass.exe Static file information: File size 8394086 > 1048576
Source: grass.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: grass.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: grass.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: grass.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: grass.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: grass.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: grass.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: grass.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: grass.exe, 00000000.00000003.1379612810.0000016256B89000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2630398487.00007FFB0BC0C000.00000002.00000001.01000000.00000015.sdmp, unicodedata.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb## source: grass.exe, 00000003.00000002.2629916648.00007FFB0B9A9000.00000002.00000001.01000000.0000001E.sdmp, _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbMM source: grass.exe, 00000000.00000003.1372479234.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2631883352.00007FFB0CB0B000.00000002.00000001.01000000.00000012.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: grass.exe, 00000003.00000002.2629916648.00007FFB0B9A9000.00000002.00000001.01000000.0000001E.sdmp, _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: grass.exe, 00000003.00000002.2630637059.00007FFB0BC96000.00000002.00000001.01000000.0000000D.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: grass.exe, 00000003.00000002.2630991307.00007FFB0BF20000.00000002.00000001.01000000.0000000C.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: grass.exe, 00000000.00000003.1372714595.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2632986985.00007FFB1D5B5000.00000002.00000001.01000000.00000010.sdmp, _overlapped.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: grass.exe, 00000000.00000003.1372633631.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-1_1.pdb source: grass.exe, 00000003.00000002.2630991307.00007FFB0BFA2000.00000002.00000001.01000000.0000000C.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: grass.exe, 00000003.00000002.2630637059.00007FFB0BC96000.00000002.00000001.01000000.0000000D.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: grass.exe, 00000000.00000003.1379416969.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2633159238.00007FFB1E3A3000.00000002.00000001.01000000.00000009.sdmp, select.pyd.0.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1t 7 Feb 2023built on: Thu Feb 9 15:27:40 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: grass.exe, 00000003.00000002.2630991307.00007FFB0BF20000.00000002.00000001.01000000.0000000C.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: grass.exe, 00000000.00000003.1370943889.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2633244818.00007FFB1E3C1000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: grass.exe, 00000003.00000002.2632725904.00007FFB1C260000.00000002.00000001.01000000.00000006.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: grass.exe, 00000000.00000003.1372329360.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2632254758.00007FFB1BA46000.00000002.00000001.01000000.00000014.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_uuid.pdb source: grass.exe, 00000000.00000003.1373137867.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2633075890.00007FFB1D892000.00000002.00000001.01000000.0000000E.sdmp, _uuid.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: grass.exe, 00000000.00000003.1371125051.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2632427176.00007FFB1BA87000.00000002.00000001.01000000.0000000F.sdmp, _asyncio.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python310.pdb source: grass.exe, 00000003.00000002.2631382922.00007FFB0C36F000.00000002.00000001.01000000.00000004.sdmp, python310.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: pyexpat.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: grass.exe, 00000000.00000003.1372801356.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, _queue.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: grass.exe, 00000000.00000003.1372479234.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2631883352.00007FFB0CB0B000.00000002.00000001.01000000.00000012.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: grass.exe, 00000000.00000003.1371651052.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2632341708.00007FFB1BA6D000.00000002.00000001.01000000.00000011.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: grass.exe, 00000000.00000003.1372878642.0000016256B7F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2632640023.00007FFB1BAD8000.00000002.00000001.01000000.00000008.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: grass.exe, 00000003.00000002.2632515183.00007FFB1BAAD000.00000002.00000001.01000000.0000000B.sdmp, _ssl.pyd.0.dr
Source: grass.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: grass.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: grass.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: grass.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: grass.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\grass.exeCode function: 3_2_61CC1D00 LoadLibraryA,GetProcAddress,GetCurrentThread,3_2_61CC1D00
Source: _helpers.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x15b8c
Source: _helpers_c.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x15676
Source: pyarmor_runtime.pyd.0.drStatic PE information: real checksum: 0x9c12b should be: 0xaaa50
Source: _quoting_c.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x263e6
Source: _http_parser.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x4b42b
Source: _http_writer.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xc9ac
Source: _multidict.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xcc8d
Source: _websocket.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xba7b
Source: _frozenlist.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x1a2df
Source: _brotli.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xd0a91
Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: python310.dll.0.drStatic PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: pyarmor_runtime.pyd.0.drStatic PE information: section name: .xdata
Source: C:\Users\user\Desktop\grass.exeCode function: 3_2_61D489D8 push qword ptr [rax+60FFF8C3h]; ret 3_2_61D489E1
Source: C:\Users\user\Desktop\grass.exeCode function: 3_2_61CD5E02 push rdx; iretd 3_2_61CD5E03

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\grass.exeCode function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d3_2_61CD2B30
Source: C:\Users\user\Desktop\grass.exeCode function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d3_2_61CD2EE0
Source: C:\Users\user\Desktop\grass.exeProcess created: "C:\Users\user\Desktop\grass.exe"
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\pyarmor_runtime_000000\pyarmor_runtime.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp\_websocket.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\yarl\_quoting_c.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\propcache\_helpers_c.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\_uuid.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\_brotli.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\frozenlist\_frozenlist.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\python310.dllJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\select.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp\_http_parser.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp\_http_writer.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\multidict\_multidict.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\libffi-7.dllJump to dropped file
Source: C:\Users\user\Desktop\grass.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp\_helpers.cp310-win_amd64.pydJump to dropped file

Boot Survival

Source: C:\Users\user\Desktop\grass.exeCode function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d3_2_61CD2B30
Source: C:\Users\user\Desktop\grass.exeCode function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d3_2_61CD2EE0
Source: C:\Users\user\Desktop\grass.exeCode function: 0_2_00007FF69E194C60 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF69E194C60
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\pyarmor_runtime_000000\pyarmor_runtime.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp\_websocket.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\yarl\_quoting_c.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\propcache\_helpers_c.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\_uuid.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\_brotli.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\frozenlist\_frozenlist.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\python310.dllJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\select.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp\_http_parser.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp\_http_writer.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\multidict\_multidict.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp\_helpers.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\grass.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-19335
Source: C:\Users\user\Desktop\grass.exeAPI coverage: 1.5 %
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\grass.exeCode function: 0_2_00007FF69E1987E0 FindFirstFileExW,FindClose,0_2_00007FF69E1987E0
Source: C:\Users\user\Desktop\grass.exeCode function: 0_2_00007FF69E197820 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF69E197820
Source: C:\Users\user\Desktop\grass.exeCode function: 0_2_00007FF69E1B2A84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF69E1B2A84
Source: C:\Users\user\Desktop\grass.exeCode function: 3_2_00007FF69E1987E0 FindFirstFileExW,FindClose,3_2_00007FF69E1987E0
Source: C:\Users\user\Desktop\grass.exeCode function: 3_2_00007FF69E197820 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,3_2_00007FF69E197820
Source: C:\Users\user\Desktop\grass.exeCode function: 3_2_00007FF69E1B2A84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_00007FF69E1B2A84
Source: grass.exe, 00000003.00000002.2628108784.00000248F21A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\grass.exeCode function: 0_2_00007FF69E19C69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF69E19C69C
Source: C:\Users\user\Desktop\grass.exeCode function: 3_2_61CC1D00 LoadLibraryA,GetProcAddress,GetCurrentThread,3_2_61CC1D00
Source: C:\Users\user\Desktop\grass.exeCode function: 0_2_00007FF69E1B4690 GetProcessHeap,0_2_00007FF69E1B4690
Source: C:\Users\user\Desktop\grass.exeCode function: 0_2_00007FF69E19C840 SetUnhandledExceptionFilter,0_2_00007FF69E19C840
Source: C:\Users\user\Desktop\grass.exeCode function: 0_2_00007FF69E19BE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF69E19BE00
Source: C:\Users\user\Desktop\grass.exeCode function: 0_2_00007FF69E19C69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF69E19C69C
Source: C:\Users\user\Desktop\grass.exeCode function: 0_2_00007FF69E1AB4F8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF69E1AB4F8
Source: C:\Users\user\Desktop\grass.exeCode function: 3_2_61D40410 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,3_2_61D40410
Source: C:\Users\user\Desktop\grass.exeCode function: 3_2_00007FF69E19C840 SetUnhandledExceptionFilter,3_2_00007FF69E19C840
Source: C:\Users\user\Desktop\grass.exeCode function: 3_2_00007FF69E19BE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF69E19BE00
Source: C:\Users\user\Desktop\grass.exeCode function: 3_2_00007FF69E19C69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF69E19C69C
Source: C:\Users\user\Desktop\grass.exeCode function: 3_2_00007FF69E1AB4F8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF69E1AB4F8
Source: C:\Users\user\Desktop\grass.exeCode function: 3_2_00007FFB0B9A06A8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FFB0B9A06A8
Source: C:\Users\user\Desktop\grass.exeCode function: 3_2_00007FFB0B99FD80 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FFB0B99FD80
Source: C:\Users\user\Desktop\grass.exeCode function: 3_2_00007FFB0B9CEE80 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FFB0B9CEE80
Source: C:\Users\user\Desktop\grass.exeCode function: 3_2_00007FFB0B9CE8B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FFB0B9CE8B0
Source: C:\Users\user\Desktop\grass.exeCode function: 3_2_00007FFB0BA84050 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FFB0BA84050
Source: C:\Users\user\Desktop\grass.exeProcess created: C:\Users\user\Desktop\grass.exe "C:\Users\user\Desktop\grass.exe"Jump to behavior
Source: C:\Users\user\Desktop\grass.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
Source: C:\Users\user\Desktop\grass.exeCode function: 0_2_00007FF69E1BA780 cpuid 0_2_00007FF69E1BA780
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\attrs-24.2.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\Desktop\grass.exe VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522 VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\attrs-24.2.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\frozenlist VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\libffi-7.dll VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\propcache VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\pyexpat.pyd VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\unicodedata.pyd VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\_brotli.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\_overlapped.pyd VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\pyarmor_runtime_000000 VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\pyarmor_runtime_000000\pyarmor_runtime.pyd VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\_ssl.pyd VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\_uuid.pyd VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\_asyncio.pyd VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\multidict VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\multidict\_multidict.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\grass.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\yarl VolumeInformation
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\propcache\_helpers_c.cp310-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\yarl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\yarl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\yarl\_quoting_c.cp310-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp\_helpers.cp310-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\_brotli.cp310-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp\_http_writer.cp310-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp\_http_parser.cp310-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp\_websocket.cp310-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\frozenlist VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\frozenlist VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\frozenlist VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\frozenlist VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\frozenlist\_frozenlist.cp310-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522\_decimal.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\Desktop\grass.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\grass.exe Code function: 0_2_00007FF69E19C580 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF69E19C580
Source: C:\Users\user\Desktop\grass.exe Code function: 0_2_00007FF69E1B6E10 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF69E1B6E10
Source: C:\Users\user\Desktop\grass.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 Bootkit | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Bootkit | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Source | Detection | Scanner | Label | Link
grass.exe | 12% | ReversingLabs | Win64.Malware.Generic |
grass.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\_MEI75522\VCRUNTIME140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\_asyncio.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\_brotli.cp310-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\_bz2.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\_ctypes.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\_decimal.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\_hashlib.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\_lzma.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\_multiprocessing.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\_overlapped.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\_queue.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\_socket.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\_ssl.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\_uuid.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp\_helpers.cp310-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp\_http_parser.cp310-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp\_http_writer.cp310-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\aiohttp\_websocket.cp310-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\frozenlist\_frozenlist.cp310-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\libcrypto-1_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\libffi-7.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\libssl-1_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\multidict\_multidict.cp310-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\propcache\_helpers_c.cp310-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\pyarmor_runtime_000000\pyarmor_runtime.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\pyexpat.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\python310.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\select.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\unicodedata.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI75522\yarl\_quoting_c.cp310-win_amd64.pyd | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://127.0.0.1:8443 | 0% | Avira URL Cloud | safe |
https://pendulum.eustace.io/docs/#tokens | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
time.windows.com | unknown | unknown | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
                                                              high
                                                              https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2grass.exe, 00000003.00000003.1394207526.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F25E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readergrass.exe, 00000003.00000002.2627789352.00000248F0108000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388498007.00000248F0109000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627789352.00000248F008F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383179962.00000248F012C000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388628958.00000248F012C000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388989417.00000248F012C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://www.attrs.org/en/latest/names.html)grass.exe, 00000000.00000003.1374548986.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374686499.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                    high
                                                                    https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_modulegrass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627913587.00000248F1A4C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_cachesgrass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627913587.00000248F19C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://filepreviews.io/grass.exe, 00000000.00000003.1374806302.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374716120.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374548986.0000016256B88000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374895066.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                          high
                                                                          https://api.getgrass.io/logingrass.exe, 00000003.00000002.2628273752.00000248F23A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://www.attrs.org/en/stable/why.html#data-classes)grass.exe, 00000000.00000003.1374548986.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374686499.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                              high
                                                                              https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sygrass.exe, 00000003.00000002.2627789352.00000248F0108000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388498007.00000248F0109000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627789352.00000248F008F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383179962.00000248F012C000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388628958.00000248F012C000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388989417.00000248F012C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://docs.python.org/3/library/functions.html#callablegrass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394126354.00000248F2DDA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://www.attrs.org/en/stable/changelog.htmlgrass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                    high
                                                                                    https://www.variomedia.de/grass.exe, 00000000.00000003.1374806302.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374716120.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374548986.0000016256B88000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374895066.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                      high
                                                                                      https://bugs.python.org/issue37179grass.exe, 00000003.00000002.2628108784.00000248F222D000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628778138.00000248F2B00000.00000004.00001000.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394207526.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F25E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pygrass.exe, 00000003.00000003.1388989417.00000248F012C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://www.attrs.org/METADATA.0.drfalse
                                                                                            high
                                                                                            https://github.com/Qix-grass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394126354.00000248F2DDA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://html4/loose.dtdgrass.exe, 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp, _brotli.cp310-win_amd64.pyd.0.drfalse
                                                                                                high
                                                                                                https://mahler:8092/site-updates.pygrass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://pendulum.eustace.io/docs/#tokensgrass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394126354.00000248F2DDA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  https://www.python.org/download/releases/2.3/mro/.grass.exe, 00000003.00000002.2627913587.00000248F19C0000.00000004.00001000.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1387950192.00000248F21B3000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.drfalse
                                                                                                    high
                                                                                                    https://github.comgrass.exe, 00000003.00000002.2628706141.00000248F29C0000.00000004.00001000.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2629146363.00000248F3104000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://docs.python.org/3/library/asyncio-eventloop.htmlgrass.exe, 00000003.00000002.2628778138.00000248F2B5C000.00000004.00001000.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394207526.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F25E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://python.org/grass.exe, 00000003.00000002.2628108784.00000248F21A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_sourcegrass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383179962.00000248F00DD000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627913587.00000248F19C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://peps.python.org/pep-0749/)-implementinggrass.exe, 00000000.00000003.1374548986.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374686499.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                              high
                                                                                                              https://www.attrs.org/en/latest/glossary.html#term-dunder-methods)).grass.exe, 00000000.00000003.1374806302.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374716120.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374548986.0000016256B88000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374895066.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                high
                                                                                                                https://docs.python.org/3/glossary.html#term-coroutine-functiongrass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394126354.00000248F2DDA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://127.0.0.1:8443grass.exe, 00000003.00000003.1394207526.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F25E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://github.com/python-attrs/attrsgrass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                    high
                                                                                                                    https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_specgrass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2627913587.00000248F1A4C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://.cssgrass.exe, 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp, _brotli.cp310-win_amd64.pyd.0.drfalse
                                                                                                                        high
                                                                                                                        https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_datagrass.exe, 00000003.00000002.2627789352.00000248F0108000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383127563.00000248F013A000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383179962.00000248F00DD000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388498007.00000248F0109000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1383179962.00000248F012C000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388628958.00000248F012C000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1388989417.00000248F012C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6grass.exe, 00000003.00000002.2628346347.00000248F24AE000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394207526.00000248F24B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://hynek.me/articles/import-attrs/)grass.exe, 00000000.00000003.1374548986.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374686499.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                              high
                                                                                                                              http://cacerts.digicert.cograss.exe, 00000000.00000003.1372329360.0000016256B7F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://crl.thawte.com/ThawteTimestampingCA.crl0grass.exe, 00000000.00000003.1376523848.0000016256B81000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.drfalse
                                                                                                                                  high
                                                                                                                                  https://tidelift.com/?utm_source=lifter&utm_medium=referral&utm_campaign=hynekgrass.exe, 00000000.00000003.1374806302.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374716120.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374548986.0000016256B88000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374895066.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                    high
                                                                                                                                    https://docs.aiohttp.org/en/stable/client_advanced.html#proxy-supportgrass.exe, 00000003.00000002.2628778138.00000248F2B00000.00000004.00001000.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394207526.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F25E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://www.attrs.org/en/stable/changelog.html)METADATA.0.drfalse
                                                                                                                                        high
                                                                                                                                        http://www.iana.org/time-zones/repository/tz-link.htmlgrass.exe, 00000003.00000003.1394207526.00000248F24A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://github.com/erezinman/loguru-configgrass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394126354.00000248F2DDA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://www.attrs.org/en/stable/comparison.html#customization)grass.exe, 00000000.00000003.1374548986.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374686499.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                              high
                                                                                                                                              http://.jpggrass.exe, 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp, _brotli.cp310-win_amd64.pyd.0.drfalse
                                                                                                                                                high
                                                                                                                                                https://docs.python.org/3/library/re.html#re-objectsgrass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394126354.00000248F2DDA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://www.attrs.org/en/24.2.0/_static/sponsors/Variomedia.svggrass.exe, 00000000.00000003.1374806302.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374716120.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374548986.0000016256B88000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374895066.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                    high
                                                                                                                                                    http://httpbin.org/postgrass.exe, 00000003.00000003.1394207526.00000248F25E0000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000002.2628346347.00000248F25E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://github.com/Qix-/better-exceptionsgrass.exe, 00000003.00000002.2628866343.00000248F2CB1000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000003.00000003.1394126354.00000248F2DDA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://github.com/python-attrs/attrs/blob/main/.github/CONTRIBUTING.md)grass.exe, 00000000.00000003.1374548986.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374686499.0000016256B8F000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-profile/customizigrass.exe, 00000000.00000003.1374806302.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374716120.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374548986.0000016256B88000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374895066.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://www.attrs.org/en/24.2.0/_static/sponsors/Klaviyo.svggrass.exe, 00000000.00000003.1374806302.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374716120.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374548986.0000016256B88000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374895066.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, grass.exe, 00000000.00000003.1374586884.0000016256B84000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1559571
Start date and time: 2024-11-20 17:23:15 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 53s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Potential for more IOCs and behavior
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: grass.exe
Detection: MAL
Classification: mal52.winEXE@6/36@1/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 69
• Number of non-executed functions: 230
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 40.81.94.65
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, twc.trafficmanager.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• VT rate limit hit for: grass.exe
No simulations
No context
No context
No context
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):98224
                                                                                                                                                                                                                            Entropy (8bit):6.452201564717313
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:ywqHLG4SsAzAvadZw+1Hcx8uIYNUzUoHA4decbK/zJNuw6z5U:ytrfZ+jPYNzoHA4decbK/FNu51U
                                                                                                                                                                                                                            MD5:F34EB034AA4A9735218686590CBA2E8B
                                                                                                                                                                                                                            SHA1:2BC20ACDCB201676B77A66FA7EC6B53FA2644713
                                                                                                                                                                                                                            SHA-256:9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1
                                                                                                                                                                                                                            SHA-512:D27D5E65E8206BD7923CF2A3C4384FEC0FC59E8BC29E25F8C03D039F3741C01D1A8C82979D7B88C10B209DB31FBBEC23909E976B3EE593DC33481F0050A445AF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Joe Sandbox View:
• Filename: Mutant spaceship.exe, Detection: malicious
• Filename: Mutant spaceship.exe, Detection: malicious
• Filename: Mage Alteration.exe, Detection: malicious
• Filename: , Detection: malicious
• Filename: crss.exe, Detection: malicious
• Filename: GXxC9F1xYh.exe, Detection: malicious
• Filename: BB.bat, Detection: malicious
• Filename: aLRjksjY78.exe, Detection: malicious
• Filename: Bypass Apk.exe, Detection: malicious
                                                                                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):65304
                                                                                                                                                                                                                            Entropy (8bit):6.192082137044192
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:owmuopcJpmVwR40axzEfRILOnMv7SySmPxe:owmu4/mR40axzEfRILOnw3xe
                                                                                                                                                                                                                            MD5:33D0B6DE555DDBBBD5CA229BFA91C329
                                                                                                                                                                                                                            SHA1:03034826675AC93267CE0BF0EAEC9C8499E3FE17
                                                                                                                                                                                                                            SHA-256:A9A99A2B847E46C0EFCE7FCFEFD27F4BCE58BAF9207277C17BFFD09EF4D274E5
                                                                                                                                                                                                                            SHA-512:DBBD1DDFA445E22A0170A628387FCF3CB95E6F8B09465D76595555C4A67DA4274974BA7B348C4C81FE71C68D735C13AACB8063D3A964A8A0556FB000D68686B7
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):820736
                                                                                                                                                                                                                            Entropy (8bit):6.056282443190043
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:tY0Uu7wLsglBv4i5DGAqXMAHhlyL82XTw05nmZfRFo:tp0NA1tAmZfR
                                                                                                                                                                                                                            MD5:EE3D454883556A68920CAAEDEFBC1F83
                                                                                                                                                                                                                            SHA1:45B4D62A6E7DB022E52C6159EEF17E9D58BEC858
                                                                                                                                                                                                                            SHA-256:791E7195D7DF47A21466868F3D7386CFF13F16C51FCD0350BF4028E96278DFF1
                                                                                                                                                                                                                            SHA-512:E404ADF831076D27680CC38D3879AF660A96AFC8B8E22FFD01647248C601F3C6C4585D7D7DC6BBD187660595F6A48F504792106869D329AA1A0F3707D7F777C6
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):83736
                                                                                                                                                                                                                            Entropy (8bit):6.595094797707322
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:hXOz78ZqjUyAsIi7W/5+D8W35mjZm35ILCVM7SyfYPxe:pOzwpyAFi7WMgW34jZm35ILCVMZoxe
                                                                                                                                                                                                                            MD5:86D1B2A9070CD7D52124126A357FF067
                                                                                                                                                                                                                            SHA1:18E30446FE51CED706F62C3544A8C8FDC08DE503
                                                                                                                                                                                                                            SHA-256:62173A8FADD4BF4DD71AB89EA718754AA31620244372F0C5BBBAE102E641A60E
                                                                                                                                                                                                                            SHA-512:7DB4B7E0C518A02AE901F4B24E3860122ACC67E38E73F98F993FE99EB20BB3AA539DB1ED40E63D6021861B54F34A5F5A364907FFD7DA182ADEA68BBDD5C2B535
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):123672
                                                                                                                                                                                                                            Entropy (8bit):6.047035801914277
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:0OEESRiaiH6lU1vxqfrId0sx3gVILLPykxA:hj+I1vAfrIRx3gN
                                                                                                                                                                                                                            MD5:1635A0C5A72DF5AE64072CBB0065AEBE
                                                                                                                                                                                                                            SHA1:C975865208B3369E71E3464BBCC87B65718B2B1F
                                                                                                                                                                                                                            SHA-256:1EA3DD3DF393FA9B27BF6595BE4AC859064CD8EF9908A12378A6021BBA1CB177
                                                                                                                                                                                                                            SHA-512:6E34346EA8A0AACC29CCD480035DA66E280830A7F3D220FD2F12D4CFA3E1C03955D58C0B95C2674AEA698A36A1B674325D3588483505874C2CE018135320FF99
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):254744
                                                                                                                                                                                                                            Entropy (8bit):6.564308911485739
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:3LT2sto29vTlN5cdIKdo4/3VaV8FlBa9qWMa3pLW1A/T8O51j4iab9M:H2s/9vTlPcdk4vVtFU98iIu
                                                                                                                                                                                                                            MD5:20C77203DDF9FF2FF96D6D11DEA2EDCF
                                                                                                                                                                                                                            SHA1:0D660B8D1161E72C993C6E2AB0292A409F6379A5
                                                                                                                                                                                                                            SHA-256:9AAC010A424C757C434C460C3C0A6515D7720966AB64BAD667539282A17B4133
                                                                                                                                                                                                                            SHA-512:2B24346ECE2CBD1E9472A0E70768A8B4A5D2C12B3D83934F22EBDC9392D9023DCB44D2322ADA9EDBE2EB0E2C01B5742D2A83FA57CA23054080909EC6EB7CF3CA
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):64792
                                                                                                                                                                                                                            Entropy (8bit):6.223467179037751
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:/smKJPganCspF1dqZAC2QjP2RILOIld7SyEPxDF:/smKpgNoF1dqZDnjP2RILOIv2xB
                                                                                                                                                                                                                            MD5:D4674750C732F0DB4C4DD6A83A9124FE
                                                                                                                                                                                                                            SHA1:FD8D76817ABC847BB8359A7C268ACADA9D26BFD5
                                                                                                                                                                                                                            SHA-256:CAA4D2F8795E9A55E128409CC016E2CC5C694CB026D7058FC561E4DD131ED1C9
                                                                                                                                                                                                                            SHA-512:97D57CFB80DD9DD822F2F30F836E13A52F771EE8485BC0FD29236882970F6BFBDFAAC3F2E333BBA5C25C20255E8C0F5AD82D8BC8A6B6E2F7A07EA94A9149C81E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):158488
                                                                                                                                                                                                                            Entropy (8bit):6.8491143497239655
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:j0k3SXjD9aWpAn3rb7SbuDlvNgS4fWqEznfo9mNoFTSlXZ8Ax5ILZ1GIxq:j0kiXjD9v8X7Euk4wYOFTafxn
                                                                                                                                                                                                                            MD5:7447EFD8D71E8A1929BE0FAC722B42DC
                                                                                                                                                                                                                            SHA1:6080C1B84C2DCBF03DCC2D95306615FF5FCE49A6
                                                                                                                                                                                                                            SHA-256:60793C8592193CFBD00FD3E5263BE4315D650BA4F9E4FDA9C45A10642FD998BE
                                                                                                                                                                                                                            SHA-512:C6295D45ED6C4F7534C1A38D47DDC55FEA8B9F62BBDC0743E4D22E8AD0484984F8AB077B73E683D0A92D11BF6588A1AE395456CFA57DA94BB2A6C4A1B07984DE
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):34584
                                                                                                                                                                                                                            Entropy (8bit):6.41423936733334
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:eZt56pxGyC572edLMILWt3u5YiSyvCVPxWElj:eL5PyC572edLMILWt3E7SyqPx3
                                                                                                                                                                                                                            MD5:A9A0588711147E01EED59BE23C7944A9
                                                                                                                                                                                                                            SHA1:122494F75E8BB083DDB6545740C4FAE1F83970C9
                                                                                                                                                                                                                            SHA-256:7581EDEA33C1DB0A49B8361E51E6291688601640E57D75909FB2007B2104FA4C
                                                                                                                                                                                                                            SHA-512:6B580F5C53000DB5954DEB5B2400C14CB07F5F8BBCFC069B58C2481719A0F22F0D40854CA640EF8425C498FBAE98C9DE156B5CC04B168577F0DA0C6B13846A88
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):49944
                                                                                                                                                                                                                            Entropy (8bit):6.381980613434177
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:8AM30ie6tyw0lTnj1TulWXaSV2cFVNILXtP5YiSyvWPxWElh7:8AM3hacSV2UNILXth7SyuPxd7
                                                                                                                                                                                                                            MD5:FDF8663B99959031780583CCE98E10F5
                                                                                                                                                                                                                            SHA1:6C0BAFC48646841A91625D74D6B7D1D53656944D
                                                                                                                                                                                                                            SHA-256:2EBBB0583259528A5178DD37439A64AFFCB1AB28CF323C6DC36A8C30362AA992
                                                                                                                                                                                                                            SHA-512:A5371D6F6055B92AC119A3E3B52B21E2D17604E5A5AC241C008EC60D1DB70B3CE4507D82A3C7CE580ED2EB7D83BB718F4EDC2943D10CB1D377FA006F4D0026B6
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):31512
                                                                                                                                                                                                                            Entropy (8bit):6.563116725717513
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:bxrUGCpa6rIxdK/rAwVILQU85YiSyvz5PxWEaAc:trUZIzYrAwVILQUG7SydPxDc
                                                                                                                                                                                                                            MD5:D8C1B81BBC125B6AD1F48A172181336E
                                                                                                                                                                                                                            SHA1:3FF1D8DCEC04CE16E97E12263B9233FBF982340C
                                                                                                                                                                                                                            SHA-256:925F05255F4AAE0997DC4EC94D900FD15950FD840685D5B8AA755427C7422B14
                                                                                                                                                                                                                            SHA-512:CCC9F0D3ACA66729832F26BE12F8E7021834BBEE1F4A45DA9451B1AA5C2E63126C0031D223AF57CF71FAD2C85860782A56D78D8339B35720194DF139076E0772
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):79128
                                                                                                                                                                                                                            Entropy (8bit):6.284790077237953
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:ZmtvsXhgzrojAs9/s+S+pGLypbyxk/DDTBVILLwX7SyiPx9:c56OzyAs9/sT+pGLypb+k/XFVILLwX4f
                                                                                                                                                                                                                            MD5:819166054FEC07EFCD1062F13C2147EE
                                                                                                                                                                                                                            SHA1:93868EBCD6E013FDA9CD96D8065A1D70A66A2A26
                                                                                                                                                                                                                            SHA-256:E6DEB751039CD5424A139708475CE83F9C042D43E650765A716CB4A924B07E4F
                                                                                                                                                                                                                            SHA-512:DA3A440C94CB99B8AF7D2BC8F8F0631AE9C112BD04BADF200EDBF7EA0C48D012843B4A9FB9F1E6D3A9674FD3D4EB6F0FA78FD1121FAD1F01F3B981028538B666
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):160536
                                                                                                                                                                                                                            Entropy (8bit):6.027748879187965
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:OwYiZ+PtocHnVXhLlasuvMETxoEBA+nbUtGnBSonJCNI5ILC7Gax1:FYk+PtocHVxx/uvPCEwhGJ
                                                                                                                                                                                                                            MD5:7910FB2AF40E81BEE211182CFFEC0A06
                                                                                                                                                                                                                            SHA1:251482ED44840B3C75426DD8E3280059D2CA06C6
                                                                                                                                                                                                                            SHA-256:D2A7999E234E33828888AD455BAA6AB101D90323579ABC1095B8C42F0F723B6F
                                                                                                                                                                                                                            SHA-512:BFE6506FEB27A592FE9CF1DB7D567D0D07F148EF1A2C969F1E4F7F29740C6BB8CCF946131E65FE5AA8EDE371686C272B0860BD4C0C223195AAA1A44F59301B27
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):25368
                                                                                                                                                                                                                            Entropy (8bit):6.613762885337037
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:KYnvEaNKFDyuiBXK55ILZw59HQIYiSy1pCQNuPxh8E9VF0Ny8cIh:FTNK4uyXK55ILZwD5YiSyvEPxWEalh
                                                                                                                                                                                                                            MD5:B68C98113C8E7E83AF56BA98FF3AC84A
                                                                                                                                                                                                                            SHA1:448938564559570B269E05E745D9C52ECDA37154
                                                                                                                                                                                                                            SHA-256:990586F2A2BA00D48B59BDD03D3C223B8E9FB7D7FAB6D414BAC2833EB1241CA2
                                                                                                                                                                                                                            SHA-512:33C69199CBA8E58E235B96684346E748A17CC7F03FC068CFA8A7EC7B5F9F6FA90D90B5CDB43285ABF8B4108E71098D4E87FB0D06B28E2132357964B3EEA3A4F8
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):51712
                                                                                                                                                                                                                            Entropy (8bit):5.7041125634129175
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:oeUTOpetu1BFfHNJ+LWdK3E8qVymmc8pMvW5:oRTdUv+LhmEMvW
                                                                                                                                                                                                                            MD5:84EFA086513D1DE8B24F453A2DD91B4E
                                                                                                                                                                                                                            SHA1:C95E43FAEEAF82222C40A5D47358FCAD8EB0E4C7
                                                                                                                                                                                                                            SHA-256:0AC3C91C6DBABD361EBEA7C61469BE7D18F5283AAE2C9A60227E15BB93E83246
                                                                                                                                                                                                                            SHA-512:B10023B756341959574556506000CBF33E04305686BE196F0D43408B01532E17664528422A4F08BA5318988A32D003A5746D57C3C7C0C5CAC53C8117E0FF3E41
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):264192
                                                                                                                                                                                                                            Entropy (8bit):6.178431284084252
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:7V3pdfjogjEArAZYrbfQvfC4MfNba5bje:7V3HfDEZUbKvMfNbV
                                                                                                                                                                                                                            MD5:B1B2574FCF395C0F81100181148F2FC5
                                                                                                                                                                                                                            SHA1:5BFC0F84F0AD0E11DCB2227C49C20F404295C5D4
                                                                                                                                                                                                                            SHA-256:07C81EA73DD53EFB7BFCE96B3BE5C30A66B5F2481AD4084709EEC651344B46E5
                                                                                                                                                                                                                            SHA-512:0EF9B736E5418274A6450101DF53B19F5F3C0919BC3AFAE92414C5CAEEFB4DC3CAF21637552D6DE8973A69E9512A05B10862400FADDF253AC798FB4F2318A86D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):49152
                                                                                                                                                                                                                            Entropy (8bit):5.738032375859604
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:Vt3vkODNZlemsoR1PBY+m5B1osfQkC++lhnvN7nBlme43w8lWlU2N:VNMOx6FSPBvm7esfdvsvZn6ekRlWDN
                                                                                                                                                                                                                            MD5:A3D2A55CAEA54786E254E57D8D4177E0
                                                                                                                                                                                                                            SHA1:F75D9067E6CC4E5C21E2AD6322D73492F8E32857
                                                                                                                                                                                                                            SHA-256:92E2DBE7E3375156C6A727B34E8B8093966CF4EACAC7F360BE87367665066624
                                                                                                                                                                                                                            SHA-512:6221A971D0542381A30E857C76A0DFD45776DFC094CE08D88D7E85EAEC3F59DE41FA972325336600CF427F916059EBE26CCC9189417F599C1DC140876EFC165C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):36864
                                                                                                                                                                                                                            Entropy (8bit):5.597373809979222
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:YrQD04NPV+wT4787qUpfuk4HI6cXOcl8BHCWWwGeq:IVEPV9U78T54HrDH5WwGe
                                                                                                                                                                                                                            MD5:4EC888267E4CE9402B3F7D33105D7D13
                                                                                                                                                                                                                            SHA1:3C151A358704F0E34DE3EDE88041062A62820A18
                                                                                                                                                                                                                            SHA-256:411E28F9A3EE60BD4AA8DB7A7EAE3DD19AEB063F3E3C7A8935DF6D0A28624F46
                                                                                                                                                                                                                            SHA-512:400F0C26DF99B58E6595D2F3FFBA0BD4BCFCAFCDDFF9D0E9D86C2926C98257A6CB09F147409BF431CB7DB02B6B19A5004AFFDCBDE1D13A1F2F4781965AB0EFA1
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (411)
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):11524
                                                                                                                                                                                                                            Entropy (8bit):5.211520136058075
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:ERsUfi6bkQk+k/kKkegToJWicnJsPVA1oz2dv7COmoKTACoEJdQ/0G6lWg+JdQV5:ERsXpLs3VoJWRnJsPvz2dDCHoKsLgA6z
                                                                                                                                                                                                                            MD5:49CABCB5F8DA14C72C8C3D00ADB3C115
                                                                                                                                                                                                                            SHA1:F575BECF993ECDF9C6E43190C1CB74D3556CF912
                                                                                                                                                                                                                            SHA-256:DC9824E25AFD635480A8073038B3CDFE6A56D3073A54E1A6FB21EDD4BB0F207C
                                                                                                                                                                                                                            SHA-512:923DAEEE0861611D230DF263577B3C382AE26400CA5F1830EE309BD6737EED2AD934010D61CDD4796618BEDB3436CD772D9429A5BED0A106EF7DE60E114E505C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:Metadata-Version: 2.3.Name: attrs.Version: 24.2.0.Summary: Classes Without Boilerplate.Project-URL: Documentation, https://www.attrs.org/.Project-URL: Changelog, https://www.attrs.org/en/stable/changelog.html.Project-URL: GitHub, https://github.com/python-attrs/attrs.Project-URL: Funding, https://github.com/sponsors/hynek.Project-URL: Tidelift, https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi.Author-email: Hynek Schlawack <hs@ox.cx>.License-Expression: MIT.License-File: LICENSE.Keywords: attribute,boilerplate,class.Classifier: Development Status :: 5 - Production/Stable.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classifier: Programming Languag
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):3556
                                                                                                                                                                                                                            Entropy (8bit):5.814247636010401
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:Q9ewplxJT/oPynEddwBbCobXm9qGmR5VXzskcGD+qLtxO:2ewXdJCKXGeR/XzKiO
                                                                                                                                                                                                                            MD5:48C3E62C23B44C5C1B03F2634154C391
                                                                                                                                                                                                                            SHA1:7E674C4D1EC604BB62103DBEEB008350FF159EE7
                                                                                                                                                                                                                            SHA-256:0B638F04D30B4FF714170AC499F89142868A36760532ED20017263E9CC85136C
                                                                                                                                                                                                                            SHA-512:99B720AF1775F6A264C28817E44112CD6422E8716E62221946629D08FA1EC06FFB4E9076E55429CB19A9F07C7E95B2BDC01C6523178E7DFB824841C954ED0C16
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:attr/__init__.py,sha256=l8Ewh5KZE7CCY0i1iDfSCnFiUTIkBVoqsXjX9EZnIVA,2087..attr/__init__.pyi,sha256=aTVHBPX6krCGvbQvOl_UKqEzmi2HFsaIVm2WKmAiqVs,11434..attr/__pycache__/__init__.cpython-310.pyc,,..attr/__pycache__/_cmp.cpython-310.pyc,,..attr/__pycache__/_compat.cpython-310.pyc,,..attr/__pycache__/_config.cpython-310.pyc,,..attr/__pycache__/_funcs.cpython-310.pyc,,..attr/__pycache__/_make.cpython-310.pyc,,..attr/__pycache__/_next_gen.cpython-310.pyc,,..attr/__pycache__/_version_info.cpython-310.pyc,,..attr/__pycache__/converters.cpython-310.pyc,,..attr/__pycache__/exceptions.cpython-310.pyc,,..attr/__pycache__/filters.cpython-310.pyc,,..attr/__pycache__/setters.cpython-310.pyc,,..attr/__pycache__/validators.cpython-310.pyc,,..attr/_cmp.py,sha256=3umHiBtgsEYtvNP_8XrQwTCdFoZIX4DEur76N-2a3X8,4123..attr/_cmp.pyi,sha256=U-_RU_UZOyPUEQzXE6RMYQQcjkZRY25wTH99sN0s7MM,368..attr/_compat.py,sha256=n2Uk3c-ywv0PkFfGlvqR7SzDXp4NOhWmNV_ZK6YfWoM,2958..attr/_config.py,sha256=z81Vt-GeT_2taxs1XZfmHx9TWlSxjP
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):87
                                                                                                                                                                                                                            Entropy (8bit):4.730668933656452
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:RtEeXAaCTQnP+tPCCfA5I:Rt2PcnWBB3
                                                                                                                                                                                                                            MD5:52ADFA0C417902EE8F0C3D1CA2372AC3
                                                                                                                                                                                                                            SHA1:B67635615EEF7E869D74F4813B5DC576104825DD
                                                                                                                                                                                                                            SHA-256:D7215D7625CC9AF60AED0613AAD44DB57EBA589D0CCFC3D8122114A0E514C516
                                                                                                                                                                                                                            SHA-512:BFA87E7B0E76E544C2108EF40B9FAC8C5FF4327AB8EDE9FEB2891BD5D38FEA117BD9EEBAF62F6C357B4DEADDAD5A5220E0B4A54078C8C2DE34CB1DD5E00F2D62
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: hatchling 1.25.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1109
                                                                                                                                                                                                                            Entropy (8bit):5.104415762129373
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24:bGf8rUrmJHHH0yN3gtsHw1hC09QHOsUv4eOk4/+/m3oqLFh:bW8rUaJHlxE3dQHOs5exm3ogFh
                                                                                                                                                                                                                            MD5:5E55731824CF9205CFABEAB9A0600887
                                                                                                                                                                                                                            SHA1:243E9DD038D3D68C67D42C0C4BA80622C2A56246
                                                                                                                                                                                                                            SHA-256:882115C95DFC2AF1EEB6714F8EC6D5CBCABF667CAFF8729F42420DA63F714E9F
                                                                                                                                                                                                                            SHA-512:21B242BF6DCBAFA16336D77A40E69685D7E64A43CC30E13E484C72A93CD4496A7276E18137DC601B6A8C3C193CB775DB89853ECC6D6EB2956DEEE36826D5EBFE
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:The MIT License (MIT)..Copyright (c) 2015 Hynek Schlawack and the attrs contributors..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHE
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):880569
                                                                                                                                                                                                                            Entropy (8bit):5.68298547144186
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:cgYJu4KXWyBC6S4IEa8A4a2Ya2xdOVwx/fpEh+rtSLMN6:cgYJiVBFLa2xTVwx/fpEh++MN6
                                                                                                                                                                                                                            MD5:4C60BCC38288ED81C09957FC6B4CD7CD
                                                                                                                                                                                                                            SHA1:E7F08D71E567EA73BB30656953837314C8D715A7
                                                                                                                                                                                                                            SHA-256:9D6F7B75918990EC9CD5820624130AF309A2045119209BD90B4F70BC3ABD3733
                                                                                                                                                                                                                            SHA-512:856D97B81A2CB53DCBA0136AFA0782E0F3F81BEA46F98E0247582B2E28870B837BE3C03E87562B918EC6BC76469EECC2C22599238D191D3FBA467F7031A2ACAA
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):86016
                                                                                                                                                                                                                            Entropy (8bit):5.9308989665858585
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:ZmwCw3vZ1w4vI1FxF6S2s0suvV81dvUflo6vp9862WhFo1emYU+:Z/CwxqC+bsNlflo6h93FiemYL
                                                                                                                                                                                                                            MD5:911470750962640CEB3FD11E2AEECD14
                                                                                                                                                                                                                            SHA1:AF797451D4028841D92F771885CB9D81AFBA3F96
                                                                                                                                                                                                                            SHA-256:5C204F6966526AF4DC0C0D6D29909B6F088C4FA781464F2948414D833B03094D
                                                                                                                                                                                                                            SHA-512:637043C20DC17FBC472613C0E4F576F0A2211B7916B3488806AEC30271CF1BD84BD790518335B88910662FD4844F8ED39FA75AA278577271A966756B8CD793F7
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):3450648
                                                                                                                                                                                                                            Entropy (8bit):6.098075450035195
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:98304:YP+uemAdn67xfxw6rKsK1CPwDv3uFfJz1CmiX:OZemAYxfxw6HK1CPwDv3uFfJzUmA
                                                                                                                                                                                                                            MD5:9D7A0C99256C50AFD5B0560BA2548930
                                                                                                                                                                                                                            SHA1:76BD9F13597A46F5283AA35C30B53C21976D0824
                                                                                                                                                                                                                            SHA-256:9B7B4A0AD212095A8C2E35C71694D8A1764CD72A829E8E17C8AFE3A55F147939
                                                                                                                                                                                                                            SHA-512:CB39AA99B9D98C735FDACF1C5ED68A4D09D11F30262B91F6AA48C3F8520EFF95E499400D0CE7E280CA7A90FF6D7141D2D893EF0B33A8803A1CADB28BA9A9E3E2
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32792
                                                                                                                                                                                                                            Entropy (8bit):6.3566777719925565
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                                                                                                            MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                                                                                                            SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                                                                                                            SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                                                                                                            SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):704792
                                                                                                                                                                                                                            Entropy (8bit):5.5573527806738126
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:WhO7/rNKmrouK/POt6h+7ToRLgo479dQwwLOpWW/dQ0TGqwfU2lvz2:2is/POtrzbLp5dQ0TGqcU2lvz2
                                                                                                                                                                                                                            MD5:BEC0F86F9DA765E2A02C9237259A7898
                                                                                                                                                                                                                            SHA1:3CAA604C3FFF88E71F489977E4293A488FB5671C
                                                                                                                                                                                                                            SHA-256:D74CE01319AE6F54483A19375524AA39D9F5FD91F06CF7DF238CA25E043130FD
                                                                                                                                                                                                                            SHA-512:FFBC4E5FFDB49704E7AA6D74533E5AF76BBE5DB297713D8E59BD296143FE5F145FBB616B343EED3C48ECEACCCCC2431630470D8975A4A17C37EAFCC12EDD19F4
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):47616
                                                                                                                                                                                                                            Entropy (8bit):5.316469446718147
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:3Y2vE6F6hmSrnDe651sYEYMXMBkYcE6n0/d3g:oAoVDeWlEEBkYcDni
                                                                                                                                                                                                                            MD5:95463F615865A472F75DDB365644A571
                                                                                                                                                                                                                            SHA1:91F22EF3F2FFD3E9D6CE6E58BEEA9A96287B090B
                                                                                                                                                                                                                            SHA-256:9EE77474D244A17337D4CCC5113FE4AF7B4D86F9969293A884927718D06E63C8
                                                                                                                                                                                                                            SHA-512:E3CCCCE9EBF5E7CF33E68046D3E7B59E454CCB791635EB5F405977FD270126EF8B58E6288DBE58C96B681361D81EF28720EBA8D0BD389BFB0F4C3114D098A117
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):74752
                                                                                                                                                                                                                            Entropy (8bit):5.867031753273455
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:AW91laAiAWZ0VEhefLGCUjV3LzATqzPgC9Z:b93MAWiPKCUBXbzPgC
                                                                                                                                                                                                                            MD5:41E139669CACB62EE4E06EF7EB1A647E
                                                                                                                                                                                                                            SHA1:1FA1274A9F7A0E53458F641C115F7407910E6CB1
                                                                                                                                                                                                                            SHA-256:B6FBAC3A2BAA833F34C327BE227A816DF47B11F45AC8A42E7B75C42E90C65353
                                                                                                                                                                                                                            SHA-512:98E9810A91C74B2241826D96CAE0B124CD8EACED629B502654C537C8EF7F1D3462ACCFB5BF3FB91069616C9501EB68B6A66F42E51927C3A167E1AD81CC27C8C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                            Size (bytes):634368
                                                                                                                                                                                                                            Entropy (8bit):6.200200567944878
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:UUAzxvOPjVmnc39ZldctO7fUoP/epy57mBTIK24KdJPvtBN1BQgnEIPuVZQckeSm:UUAzJEJmnctjdcg7fUoP28N55nEf8g1
                                                                                                                                                                                                                            MD5:55557510BCCE2421BD71ECF0F7ECC9AA
                                                                                                                                                                                                                            SHA1:CF3EDB8F51FAC62EC374073AD0A3223691DDC99B
                                                                                                                                                                                                                            SHA-256:D227F2184A7EA3AD2765610936CF853F36887508B212D5479EED4F49508246C3
                                                                                                                                                                                                                            SHA-512:3F5486F73026E32296F3B52CE7115F97C8C6BC55E78716B85BA7E8C6023105704591F240EF4B00667139570D3AD3206E13E87A197BEC3E2F5975B5771EAAEE3A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):198936
                                                                                                                                                                                                                            Entropy (8bit):6.372446720663998
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:13BAJzkk5dT6F62eqf2A3zVnjIHdAPKReewMP12yGUfT0+SYyWgOmrpjAxvwnVIq:FQg4dT6N5OA3zVnjNed4yGKTKR/
                                                                                                                                                                                                                            MD5:1118C1329F82CE9072D908CBD87E197C
                                                                                                                                                                                                                            SHA1:C59382178FE695C2C5576DCA47C96B6DE4BBCFFD
                                                                                                                                                                                                                            SHA-256:4A2D59993BCE76790C6D923AF81BF404F8E2CB73552E320113663B14CF78748C
                                                                                                                                                                                                                            SHA-512:29F1B74E96A95B0B777EF00448DA8BD0844E2F1D8248788A284EC868AE098C774A694D234A00BD991B2D22C2372C34F762CDBD9EC523234861E39C0CA752DCAA
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4458776
                                                                                                                                                                                                                            Entropy (8bit):6.460390021076921
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:myrXfGIy+Bqk5c5Ad2nwZT3Q6wsV136cR2DZvbK30xLNZcAgVBvcpYcvl1IDWbH3:Uw5tVBlicWdvoDkHUMF7Ph/qe
                                                                                                                                                                                                                            MD5:63A1FA9259A35EAEAC04174CECB90048
                                                                                                                                                                                                                            SHA1:0DC0C91BCD6F69B80DCDD7E4020365DD7853885A
                                                                                                                                                                                                                            SHA-256:14B06796F288BC6599E458FB23A944AB0C843E9868058F02A91D4606533505ED
                                                                                                                                                                                                                            SHA-512:896CAA053F48B1E4102E0F41A7D13D932A746EEA69A894AE564EF5A84EF50890514DECA6496E915AAE40A500955220DBC1B1016FE0B8BCDDE0AD81B2917DEA8B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):29976
                                                                                                                                                                                                                            Entropy (8bit):6.627859470728624
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:gUC2hwhVHqOmEVILQG35YiSyvrYPxWEl6:FC2ehVKOmEVILQGp7SyEPxe
                                                                                                                                                                                                                            MD5:A653F35D05D2F6DEBC5D34DADDD3DFA1
                                                                                                                                                                                                                            SHA1:1A2CEEC28EA44388F412420425665C3781AF2435
                                                                                                                                                                                                                            SHA-256:DB85F2F94D4994283E1055057372594538AE11020389D966E45607413851D9E9
                                                                                                                                                                                                                            SHA-512:5AEDE99C3BE25B1A962261B183AE7A7FB92CB0CB866065DC9CD7BB5FF6F41CC8813D2CC9DE54670A27B3AD07A33B833EAA95A5B46DAD7763CA97DFA0C1CE54C9
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1123608
                                                                                                                                                                                                                            Entropy (8bit):5.3853088605790385
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:6mwlRMmuZ63NTQCb5Pfhnzr0ql8L8kcM7IRG5eeme6VZyrIBHdQLhfFE+uQfk:ulRuUZV0m8UMMREtV6Vo4uYQfk
                                                                                                                                                                                                                            MD5:81D62AD36CBDDB4E57A91018F3C0816E
                                                                                                                                                                                                                            SHA1:FE4A4FC35DF240B50DB22B35824E4826059A807B
                                                                                                                                                                                                                            SHA-256:1FB2D66C056F69E8BBDD8C6C910E72697874DAE680264F8FB4B4DF19AF98AA2E
                                                                                                                                                                                                                            SHA-512:7D15D741378E671591356DFAAD4E1E03D3F5456CBDF87579B61D02A4A52AB9B6ECBFFAD3274CEDE8C876EA19EAEB8BA4372AD5986744D430A29F50B9CAFFB75D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):95744
                                                                                                                                                                                                                            Entropy (8bit):5.987843155161849
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:0xvdW+D03Yh2/DL5jsvblQEgPVw8x7Arz+YAK/2RP:0xvw203Yh2/h8OVJArz+YAK/2RP
                                                                                                                                                                                                                            MD5:2CE8C33EF12C8556A50F0BBCCDACB1F7
                                                                                                                                                                                                                            SHA1:1C25DDC5CDCAA06735610BAB39C011834BAB1E16
                                                                                                                                                                                                                            SHA-256:C77F026E36348610BE60C4BC1FC356CD9EFF381E8B033CCB0E366F0BFE691E54
                                                                                                                                                                                                                            SHA-512:98BDD35B4262D8A836DB351919C8BE857B5CB1BD08E9CD1987586DE305FF782E6DE0770000475E9D416C5D28E951EC0634B90E6239A4DD31915D11E4D7A6764B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            File type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Entropy (8bit):7.938875728519838
                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                            • Win64 Executable Console (202006/5) 92.65%
                                                                                                                                                                                                                            • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                            File name:grass.exe
                                                                                                                                                                                                                            File size:8'394'086 bytes
                                                                                                                                                                                                                            MD5:bde4b588168e995961f49b6cb7576594
                                                                                                                                                                                                                            SHA1:1a28c66e77e4a7cea5b2e49d116dd20d3d046120
                                                                                                                                                                                                                            SHA256:bedf5dc3e40558fcffb4eee7d9efc20db06a1f77433e0c46d247dd4f2640e6f0
                                                                                                                                                                                                                            SHA512:e2fb48085f459e303eadfd6b743aec5dd020f4cd1599b6e4692af10f8247506de7cae233765a3cb77a8dd89ff75beeca3d9777f167cd7b4ad121fceeefb89c05
                                                                                                                                                                                                                            SSDEEP:196608:6q2FfGXmGPyDfyGgIPawBdnpkYRM6ipe8u2h:d22yDfDgsac66Cjh
                                                                                                                                                                                                                            TLSH:EF8633A1225009D2E4F69638C991C579F6B2BC234392DA8757F87FA33E33B905E36741
                                                                                                                                                                                                                            Icon Hash:f0362d2f2b2b8c4a
                                                                                                                                                                                                                            Entrypoint:0x14000c320
                                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                                                                                            Subsystem:windows cui
                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                            Time Stamp:0x67248094 [Fri Nov 1 07:17:40 2024 UTC]
                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                            OS Version Major:6
                                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                                            File Version Major:6
                                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                                            Subsystem Version Major:6
                                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                                            Import Hash:a06f302f71edd380da3d5bf4a6d94ebd
                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            sub esp, 28h
                                                                                                                                                                                                                            call 00007F06E8EE36CCh
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            add esp, 28h
                                                                                                                                                                                                                            jmp 00007F06E8EE32DFh
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ea14 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x49000 | 0x3e634 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x46000 | 0x22d4 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x88000 | 0x768 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3bfb0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3be70 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2d000 | 0x400 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2b110 | 0x2b200 | e9069e99481418d9e681710a5e65ed17 | False | 0.5452728713768116 | data | 6.496015168861512 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2d000 | 0x1282a | 0x12a00 | 5fa58115f98129f7f385b187f0077746 | False | 0.5233719588926175 | data | 5.766657473020416 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x40000 | 0x5408 | 0xe00 | aff56347f897785154c53727472c548d | False | 0.13504464285714285 | data | 1.8315705466577277 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x46000 | 0x22d4 | 0x2400 | a913f5d0501c0c45f31faa2f4229aef1 | False | 0.4764539930555556 | data | 5.355998213989185 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x49000 | 0x3e634 | 0x3e800 | 76a626aa6b0fa6c9984fd79e3adcc0f2 | False | 0.03837109375 | data | 1.4508693364120127 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x88000 | 0x768 | 0x800 | 42d6242177dbae8e11ed5d64b87d0d48 | False | 0.5576171875 | data | 5.268722219019965 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x490e8 | 0x3e028 | Device independent bitmap graphic, 240 x 512 x 32, image size 245760, resolution 11339 x 11339 px/m | | | 0.03509559356200195
RT_GROUP_ICON | 0x87110 | 0x14 | data | | | 1.2
RT_MANIFEST | 0x87124 | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857

DLL | Import
USER32.dll | TranslateMessage, ShutdownBlockReasonCreate, GetWindowThreadProcessId, SetWindowLongPtrW, GetWindowLongPtrW, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, CreateWindowExW, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, GetMessageW
KERNEL32.dll | GetTimeZoneInformation, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, GetStringTypeW, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, CreateDirectoryW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, HeapSize, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, GetCurrentProcessId, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, GetConsoleWindow, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, GetFileAttributesExW, HeapReAlloc, WriteConsoleW, SetEndOfFile, GetDriveTypeW, IsDebuggerPresent, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, GetModuleHandleW, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, GetCommandLineA, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, SetEnvironmentVariableW
ADVAPI32.dll | ConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 20, 2024 17:24:17.036752939 CET | 50403 | 53 | 192.168.2.7 | 1.1.1.1

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 20, 2024 17:24:17.036752939 CET | 192.168.2.7 | 1.1.1.1 | 0x8b69 | Standard query (0) | time.windows.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 20, 2024 17:24:17.173465014 CET | 1.1.1.1 | 192.168.2.7 | 0x8b69 | No error (0) | time.windows.com | twc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 17:24:18.129615068 CET | 1.1.1.1 | 192.168.2.7 | 0xe649 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 17:24:18.129615068 CET | 1.1.1.1 | 192.168.2.7 | 0xe649 | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false


                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                            Start time:11:24:21
                                                                                                                                                                                                                            Start date:20/11/2024
                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\grass.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\grass.exe"
Imagebase:0x7ff69e190000
File size:8'394'086 bytes
MD5 hash:BDE4B588168E995961F49B6CB7576594
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:1
Start time:11:24:21
Start date:20/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff75da10000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:3
Start time:11:24:22
Start date:20/11/2024
Path:C:\Users\user\Desktop\grass.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\grass.exe"
Imagebase:0x7ff69e190000
File size:8'394'086 bytes
MD5 hash:BDE4B588168E995961F49B6CB7576594
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:4
Start time:11:24:23
Start date:20/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "ver"
Imagebase:0x7ff68e7c0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true


Execution Graph

Execution Coverage:9.3%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:16.1%
Total number of Nodes:2000
Total number of Limit Nodes:37
18027->18025 18028 7ff69e1afda4 _set_fmode 11 API calls 18028->18034 18029 7ff69e1aa33c 18031 7ff69e1aa384 11 API calls 18029->18031 18030 7ff69e1b1684 37 API calls 18030->18034 18032 7ff69e1aa344 18031->18032 18035 7ff69e1ab404 __free_lconv_mon 11 API calls 18032->18035 18033 7ff69e1aa370 18036 7ff69e1ab7e4 _isindst 17 API calls 18033->18036 18034->18026 18034->18028 18034->18029 18034->18030 18034->18033 18037 7ff69e1ab404 __free_lconv_mon 11 API calls 18034->18037 18038 7ff69e1aa2d3 18034->18038 18035->18038 18039 7ff69e1aa382 18036->18039 18037->18034 18038->18024 18041 7ff69e1b9d41 __crtLCMapStringW 18040->18041 18042 7ff69e1b0174 6 API calls 18041->18042 18043 7ff69e1b82fe 18041->18043 18042->18043 18043->17645 18043->17646 20615 7ff69e1b2670 20633 7ff69e1b14e8 EnterCriticalSection 20615->20633 20634 7ff69e1abe70 20635 7ff69e1abe8a 20634->20635 20636 7ff69e1abe75 20634->20636 20640 7ff69e1abe90 20636->20640 20641 7ff69e1abeda 20640->20641 20642 7ff69e1abed2 20640->20642 20644 7ff69e1ab404 __free_lconv_mon 11 API calls 20641->20644 20643 7ff69e1ab404 __free_lconv_mon 11 API calls 20642->20643 20643->20641 20645 7ff69e1abee7 20644->20645 20646 7ff69e1ab404 __free_lconv_mon 11 API calls 20645->20646 20647 7ff69e1abef4 20646->20647 20648 7ff69e1ab404 __free_lconv_mon 11 API calls 20647->20648 20649 7ff69e1abf01 20648->20649 20650 7ff69e1ab404 __free_lconv_mon 11 API calls 20649->20650 20651 7ff69e1abf0e 20650->20651 20652 7ff69e1ab404 __free_lconv_mon 11 API calls 20651->20652 20653 7ff69e1abf1b 20652->20653 20654 7ff69e1ab404 __free_lconv_mon 11 API calls 20653->20654 20655 7ff69e1abf28 20654->20655 20656 7ff69e1ab404 __free_lconv_mon 11 API calls 20655->20656 20657 7ff69e1abf35 20656->20657 20658 7ff69e1ab404 __free_lconv_mon 11 API calls 20657->20658 20659 7ff69e1abf45 20658->20659 20660 7ff69e1ab404 __free_lconv_mon 11 API calls 20659->20660 20661 7ff69e1abf55 20660->20661 20666 7ff69e1abd3c 20661->20666 20680 7ff69e1b14e8 EnterCriticalSection 20666->20680 
20682 7ff69e1aac70 20685 7ff69e1aabe8 20682->20685 20692 7ff69e1b14e8 EnterCriticalSection 20685->20692 21147 7ff69e1bbdf3 21150 7ff69e1bbe03 21147->21150 21151 7ff69e1a6288 LeaveCriticalSection 21150->21151 21174 7ff69e1b28c0 21185 7ff69e1b85f4 21174->21185 21186 7ff69e1b8601 21185->21186 21187 7ff69e1ab404 __free_lconv_mon 11 API calls 21186->21187 21188 7ff69e1b861d 21186->21188 21187->21186 21189 7ff69e1ab404 __free_lconv_mon 11 API calls 21188->21189 21190 7ff69e1b28c9 21188->21190 21189->21188 21191 7ff69e1b14e8 EnterCriticalSection 21190->21191 16913 7ff69e19b040 16914 7ff69e19b06e 16913->16914 16915 7ff69e19b055 16913->16915 16915->16914 16918 7ff69e1ae664 16915->16918 16919 7ff69e1ae6af 16918->16919 16923 7ff69e1ae673 _set_fmode 16918->16923 16928 7ff69e1a5de8 16919->16928 16921 7ff69e1ae696 HeapAlloc 16922 7ff69e19b0ce 16921->16922 16921->16923 16923->16919 16923->16921 16925 7ff69e1b47a0 16923->16925 16931 7ff69e1b47e0 16925->16931 16937 7ff69e1ac168 GetLastError 16928->16937 16930 7ff69e1a5df1 16930->16922 16936 7ff69e1b14e8 EnterCriticalSection 16931->16936 16938 7ff69e1ac1a9 FlsSetValue 16937->16938 16942 7ff69e1ac18c 16937->16942 16939 7ff69e1ac1bb 16938->16939 16943 7ff69e1ac199 SetLastError 16938->16943 16954 7ff69e1afda4 16939->16954 16942->16938 16942->16943 16943->16930 16945 7ff69e1ac1e8 FlsSetValue 16947 7ff69e1ac1f4 FlsSetValue 16945->16947 16948 7ff69e1ac206 16945->16948 16946 7ff69e1ac1d8 FlsSetValue 16949 7ff69e1ac1e1 16946->16949 16947->16949 16967 7ff69e1abd9c 16948->16967 16961 7ff69e1ab404 16949->16961 16955 7ff69e1afdb5 _set_fmode 16954->16955 16956 7ff69e1afe06 16955->16956 16957 7ff69e1afdea HeapAlloc 16955->16957 16960 7ff69e1b47a0 _set_fmode 2 API calls 16955->16960 16959 7ff69e1a5de8 _set_fmode 10 API calls 16956->16959 16957->16955 16958 7ff69e1ac1ca 16957->16958 16958->16945 16958->16946 16959->16958 16960->16955 16962 7ff69e1ab409 RtlFreeHeap 16961->16962 16964 7ff69e1ab438 16961->16964 16963 7ff69e1ab424 GetLastError 
16962->16963 16962->16964 16965 7ff69e1ab431 __free_lconv_mon 16963->16965 16964->16943 16966 7ff69e1a5de8 _set_fmode 9 API calls 16965->16966 16966->16964 16972 7ff69e1abc74 16967->16972 16984 7ff69e1b14e8 EnterCriticalSection 16972->16984 21524 7ff69e1a6220 21525 7ff69e1a622b 21524->21525 21533 7ff69e1b04b4 21525->21533 21546 7ff69e1b14e8 EnterCriticalSection 21533->21546 18044 7ff69e1b0b9c 18045 7ff69e1b0d8e 18044->18045 18048 7ff69e1b0bde _isindst 18044->18048 18046 7ff69e1a5de8 _set_fmode 11 API calls 18045->18046 18064 7ff69e1b0d7e 18046->18064 18047 7ff69e19bab0 _log10_special 8 API calls 18049 7ff69e1b0da9 18047->18049 18048->18045 18050 7ff69e1b0c5e _isindst 18048->18050 18065 7ff69e1b73a4 18050->18065 18055 7ff69e1b0dba 18057 7ff69e1ab7e4 _isindst 17 API calls 18055->18057 18059 7ff69e1b0dce 18057->18059 18062 7ff69e1b0cbb 18062->18064 18089 7ff69e1b73e8 18062->18089 18064->18047 18066 7ff69e1b0c7c 18065->18066 18067 7ff69e1b73b3 18065->18067 18071 7ff69e1b67a8 18066->18071 18096 7ff69e1b14e8 EnterCriticalSection 18067->18096 18072 7ff69e1b67b1 18071->18072 18073 7ff69e1b0c91 18071->18073 18074 7ff69e1a5de8 _set_fmode 11 API calls 18072->18074 18073->18055 18077 7ff69e1b67d8 18073->18077 18075 7ff69e1b67b6 18074->18075 18076 7ff69e1ab7c4 _invalid_parameter_noinfo 37 API calls 18075->18076 18076->18073 18078 7ff69e1b67e1 18077->18078 18082 7ff69e1b0ca2 18077->18082 18079 7ff69e1a5de8 _set_fmode 11 API calls 18078->18079 18080 7ff69e1b67e6 18079->18080 18081 7ff69e1ab7c4 _invalid_parameter_noinfo 37 API calls 18080->18081 18081->18082 18082->18055 18083 7ff69e1b6808 18082->18083 18084 7ff69e1b6811 18083->18084 18086 7ff69e1b0cb3 18083->18086 18085 7ff69e1a5de8 _set_fmode 11 API calls 18084->18085 18087 7ff69e1b6816 18085->18087 18086->18055 18086->18062 18088 7ff69e1ab7c4 _invalid_parameter_noinfo 37 API calls 18087->18088 18088->18086 18097 7ff69e1b14e8 EnterCriticalSection 18089->18097 18098 7ff69e19c19c 18119 7ff69e19c37c 18098->18119 18101 7ff69e19c2f3 
18274 7ff69e19c69c IsProcessorFeaturePresent 18101->18274 18102 7ff69e19c1bd __scrt_acquire_startup_lock 18104 7ff69e19c2fd 18102->18104 18110 7ff69e19c1db __scrt_release_startup_lock 18102->18110 18105 7ff69e19c69c 7 API calls 18104->18105 18107 7ff69e19c308 __GetCurrentState 18105->18107 18106 7ff69e19c200 18108 7ff69e19c286 18127 7ff69e1aa658 18108->18127 18110->18106 18110->18108 18263 7ff69e1aaa04 18110->18263 18112 7ff69e19c28b 18133 7ff69e191000 18112->18133 18116 7ff69e19c2af 18116->18107 18270 7ff69e19c500 18116->18270 18120 7ff69e19c384 18119->18120 18121 7ff69e19c390 __scrt_dllmain_crt_thread_attach 18120->18121 18122 7ff69e19c39d 18121->18122 18123 7ff69e19c1b5 18121->18123 18281 7ff69e1ab2ac 18122->18281 18123->18101 18123->18102 18128 7ff69e1aa668 18127->18128 18130 7ff69e1aa67d 18127->18130 18129 7ff69e1aa0e8 40 API calls 18128->18129 18128->18130 18131 7ff69e1aa686 18129->18131 18130->18112 18131->18130 18132 7ff69e1aa4a8 12 API calls 18131->18132 18132->18130 18134 7ff69e192b80 18133->18134 18324 7ff69e1a6360 18134->18324 18136 7ff69e192bbc 18331 7ff69e192a70 18136->18331 18139 7ff69e192bc9 __std_exception_destroy 18141 7ff69e19bab0 _log10_special 8 API calls 18139->18141 18143 7ff69e1930ec 18141->18143 18268 7ff69e19c7ec GetModuleHandleW 18143->18268 18144 7ff69e192cdb 18507 7ff69e1939f0 18144->18507 18145 7ff69e192bfd 18498 7ff69e191c60 18145->18498 18149 7ff69e192c1c 18403 7ff69e197c90 18149->18403 18150 7ff69e192d2a 18530 7ff69e191e50 18150->18530 18152 7ff69e192c4f 18162 7ff69e192c7b __std_exception_destroy 18152->18162 18502 7ff69e197e00 18152->18502 18155 7ff69e192d1d 18156 7ff69e192d22 18155->18156 18157 7ff69e192d45 18155->18157 18526 7ff69e19f544 18156->18526 18160 7ff69e191c60 49 API calls 18157->18160 18161 7ff69e192d64 18160->18161 18166 7ff69e191930 115 API calls 18161->18166 18163 7ff69e197c90 14 API calls 18162->18163 18171 7ff69e192c9e __std_exception_destroy 18162->18171 18163->18171 18165 7ff69e192dcc 18167 7ff69e197e00 40 API 
calls 18165->18167 18168 7ff69e192d8e 18166->18168 18169 7ff69e192dd8 18167->18169 18168->18149 18170 7ff69e192d9e 18168->18170 18172 7ff69e197e00 40 API calls 18169->18172 18174 7ff69e191e50 81 API calls 18170->18174 18176 7ff69e192cce __std_exception_destroy 18171->18176 18416 7ff69e197da0 18171->18416 18173 7ff69e192de4 18172->18173 18175 7ff69e197e00 40 API calls 18173->18175 18174->18139 18175->18176 18177 7ff69e197c90 14 API calls 18176->18177 18178 7ff69e192e04 18177->18178 18179 7ff69e192ef9 18178->18179 18180 7ff69e192e29 __std_exception_destroy 18178->18180 18181 7ff69e191e50 81 API calls 18179->18181 18182 7ff69e197da0 40 API calls 18180->18182 18207 7ff69e192e6c 18180->18207 18181->18139 18182->18207 18183 7ff69e197c90 14 API calls 18184 7ff69e19304f __std_exception_destroy 18183->18184 18185 7ff69e193187 18184->18185 18186 7ff69e19308a 18184->18186 18541 7ff69e193910 18185->18541 18187 7ff69e193094 18186->18187 18188 7ff69e19311a 18186->18188 18423 7ff69e1985d0 18187->18423 18191 7ff69e197c90 14 API calls 18188->18191 18194 7ff69e193126 18191->18194 18192 7ff69e193195 18195 7ff69e1931b7 18192->18195 18196 7ff69e1931ab 18192->18196 18197 7ff69e1930a5 18194->18197 18200 7ff69e193133 18194->18200 18199 7ff69e191c60 49 API calls 18195->18199 18544 7ff69e193a60 18196->18544 18202 7ff69e191e50 81 API calls 18197->18202 18209 7ff69e19310e __std_exception_destroy 18199->18209 18203 7ff69e191c60 49 API calls 18200->18203 18202->18139 18206 7ff69e193151 18203->18206 18204 7ff69e19320a 18473 7ff69e1988f0 18204->18473 18206->18209 18210 7ff69e193158 18206->18210 18207->18183 18209->18204 18211 7ff69e1931ed SetDllDirectoryW LoadLibraryExW 18209->18211 18214 7ff69e191e50 81 API calls 18210->18214 18211->18204 18212 7ff69e19321d SetDllDirectoryW 18215 7ff69e193250 18212->18215 18253 7ff69e1932a1 18212->18253 18214->18139 18216 7ff69e197c90 14 API calls 18215->18216 18220 7ff69e19325c __std_exception_destroy 18216->18220 18217 7ff69e193362 18478 7ff69e192780 
18217->18478 18224 7ff69e193339 18220->18224 18227 7ff69e193295 18220->18227 18221 7ff69e19343f 18621 7ff69e192720 18221->18621 18226 7ff69e197da0 40 API calls 18224->18226 18226->18253 18227->18253 18547 7ff69e196220 18227->18547 18253->18217 18253->18221 18264 7ff69e1aaa3c 18263->18264 18265 7ff69e1aaa1b 18263->18265 20601 7ff69e1ab2f8 18264->20601 18265->18108 18269 7ff69e19c7fd 18268->18269 18269->18116 18272 7ff69e19c511 18270->18272 18271 7ff69e19c2c6 18271->18106 18272->18271 18273 7ff69e19cdb8 7 API calls 18272->18273 18273->18271 18275 7ff69e19c6c2 _isindst memcpy_s 18274->18275 18276 7ff69e19c6e1 RtlCaptureContext RtlLookupFunctionEntry 18275->18276 18277 7ff69e19c746 memcpy_s 18276->18277 18278 7ff69e19c70a RtlVirtualUnwind 18276->18278 18279 7ff69e19c778 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 18277->18279 18278->18277 18280 7ff69e19c7c6 _isindst 18279->18280 18280->18104 18282 7ff69e1b46bc 18281->18282 18283 7ff69e19c3a2 18282->18283 18291 7ff69e1ad3c0 18282->18291 18283->18123 18285 7ff69e19cdb8 18283->18285 18286 7ff69e19cdc0 18285->18286 18287 7ff69e19cdca 18285->18287 18303 7ff69e19d154 18286->18303 18287->18123 18302 7ff69e1b14e8 EnterCriticalSection 18291->18302 18304 7ff69e19d163 18303->18304 18306 7ff69e19cdc5 18303->18306 18311 7ff69e19d390 18304->18311 18307 7ff69e19d1c0 18306->18307 18308 7ff69e19d1eb 18307->18308 18309 7ff69e19d1ef 18308->18309 18310 7ff69e19d1ce DeleteCriticalSection 18308->18310 18309->18287 18310->18308 18315 7ff69e19d1f8 18311->18315 18316 7ff69e19d2e2 TlsFree 18315->18316 18317 7ff69e19d23c __vcrt_InitializeCriticalSectionEx 18315->18317 18317->18316 18318 7ff69e19d26a LoadLibraryExW 18317->18318 18319 7ff69e19d329 GetProcAddress 18317->18319 18323 7ff69e19d2ad LoadLibraryExW 18317->18323 18320 7ff69e19d309 18318->18320 18321 7ff69e19d28b GetLastError 18318->18321 18319->18316 18320->18319 18322 7ff69e19d320 FreeLibrary 18320->18322 18321->18317 18322->18319 18323->18317 18323->18320 
18327 7ff69e1b0690 18324->18327 18325 7ff69e1b06e3 18326 7ff69e1ab6f8 _invalid_parameter_noinfo 37 API calls 18325->18326 18330 7ff69e1b070c 18326->18330 18327->18325 18328 7ff69e1b0736 18327->18328 18634 7ff69e1b0568 18328->18634 18330->18136 18642 7ff69e19bdb0 18331->18642 18334 7ff69e192ad0 18644 7ff69e1987e0 FindFirstFileExW 18334->18644 18335 7ff69e192aab GetLastError 18649 7ff69e192310 18335->18649 18339 7ff69e192ae3 18666 7ff69e198860 CreateFileW 18339->18666 18340 7ff69e192b3d 18679 7ff69e1989a0 18340->18679 18341 7ff69e19bab0 _log10_special 8 API calls 18344 7ff69e192b75 18341->18344 18344->18139 18353 7ff69e191930 18344->18353 18346 7ff69e192b4b 18349 7ff69e191f30 78 API calls 18346->18349 18351 7ff69e192ac6 18346->18351 18347 7ff69e192af4 18669 7ff69e191f30 18347->18669 18348 7ff69e192b0c __vcrt_InitializeCriticalSectionEx 18348->18340 18349->18351 18351->18341 18354 7ff69e1939f0 108 API calls 18353->18354 18355 7ff69e191965 18354->18355 18357 7ff69e1973f0 83 API calls 18355->18357 18363 7ff69e191c23 18355->18363 18356 7ff69e19bab0 _log10_special 8 API calls 18358 7ff69e191c3e 18356->18358 18359 7ff69e1919ab 18357->18359 18358->18144 18358->18145 18402 7ff69e1919e3 18359->18402 19043 7ff69e19fbcc 18359->19043 18361 7ff69e19f544 74 API calls 18361->18363 18362 7ff69e1919c5 18364 7ff69e1919e8 18362->18364 18365 7ff69e1919c9 18362->18365 18363->18356 19047 7ff69e19f894 18364->19047 18367 7ff69e1a5de8 _set_fmode 11 API calls 18365->18367 18369 7ff69e1919ce 18367->18369 19050 7ff69e192020 18369->19050 18371 7ff69e191a25 18376 7ff69e191a5b 18371->18376 18377 7ff69e191a3c 18371->18377 18372 7ff69e191a06 18373 7ff69e1a5de8 _set_fmode 11 API calls 18372->18373 18374 7ff69e191a0b 18373->18374 18375 7ff69e192020 87 API calls 18374->18375 18375->18402 18378 7ff69e191c60 49 API calls 18376->18378 18379 7ff69e1a5de8 _set_fmode 11 API calls 18377->18379 18380 7ff69e191a72 18378->18380 18381 7ff69e191a41 18379->18381 18383 7ff69e191c60 49 API calls 18380->18383 18382 
7ff69e192020 87 API calls 18381->18382 18382->18402 18384 7ff69e191abd 18383->18384 18385 7ff69e19fbcc 73 API calls 18384->18385 18386 7ff69e191ae1 18385->18386 18387 7ff69e191b15 18386->18387 18388 7ff69e191af6 18386->18388 18389 7ff69e19f894 _fread_nolock 53 API calls 18387->18389 18390 7ff69e1a5de8 _set_fmode 11 API calls 18388->18390 18391 7ff69e191b2a 18389->18391 18392 7ff69e191afb 18390->18392 18393 7ff69e191b4f 18391->18393 18394 7ff69e191b30 18391->18394 18395 7ff69e192020 87 API calls 18392->18395 19065 7ff69e19f608 18393->19065 18396 7ff69e1a5de8 _set_fmode 11 API calls 18394->18396 18395->18402 18398 7ff69e191b35 18396->18398 18400 7ff69e192020 87 API calls 18398->18400 18400->18402 18401 7ff69e191e50 81 API calls 18401->18402 18402->18361 18404 7ff69e197c9a 18403->18404 18405 7ff69e1988f0 2 API calls 18404->18405 18406 7ff69e197cb9 GetEnvironmentVariableW 18405->18406 18407 7ff69e197d22 18406->18407 18408 7ff69e197cd6 ExpandEnvironmentStringsW 18406->18408 18409 7ff69e19bab0 _log10_special 8 API calls 18407->18409 18408->18407 18410 7ff69e197cf8 18408->18410 18411 7ff69e197d34 18409->18411 18412 7ff69e1989a0 2 API calls 18410->18412 18411->18152 18413 7ff69e197d0a 18412->18413 18414 7ff69e19bab0 _log10_special 8 API calls 18413->18414 18415 7ff69e197d1a 18414->18415 18415->18152 18417 7ff69e1988f0 2 API calls 18416->18417 18418 7ff69e197dbc 18417->18418 18419 7ff69e1988f0 2 API calls 18418->18419 18420 7ff69e197dcc 18419->18420 19316 7ff69e1a9114 18420->19316 18422 7ff69e197dda __std_exception_destroy 18422->18165 18424 7ff69e1985e5 18423->18424 19334 7ff69e1979d0 GetCurrentProcess OpenProcessToken 18424->19334 18427 7ff69e1979d0 7 API calls 18428 7ff69e198611 18427->18428 18429 7ff69e198644 18428->18429 18430 7ff69e19862a 18428->18430 18432 7ff69e191d50 48 API calls 18429->18432 18431 7ff69e191d50 48 API calls 18430->18431 18433 7ff69e198642 18431->18433 18434 7ff69e198657 LocalFree LocalFree 18432->18434 18433->18434 18435 7ff69e19867f 18434->18435 
18436 7ff69e198673 18434->18436 18438 7ff69e19bab0 _log10_special 8 API calls 18435->18438 19344 7ff69e192220 18436->19344 18439 7ff69e193099 18438->18439 18439->18197 18440 7ff69e197ac0 18439->18440 18441 7ff69e197ad8 18440->18441 18442 7ff69e197b5a GetTempPathW GetCurrentProcessId 18441->18442 18443 7ff69e197afc 18441->18443 19355 7ff69e198700 18442->19355 18445 7ff69e197c90 14 API calls 18443->18445 18446 7ff69e197b08 18445->18446 19362 7ff69e197630 18446->19362 18474 7ff69e198912 MultiByteToWideChar 18473->18474 18476 7ff69e198936 18473->18476 18474->18476 18477 7ff69e19894c __std_exception_destroy 18474->18477 18475 7ff69e198953 MultiByteToWideChar 18475->18477 18476->18475 18476->18477 18477->18212 18487 7ff69e19278e memcpy_s 18478->18487 18479 7ff69e192987 18480 7ff69e19bab0 _log10_special 8 API calls 18479->18480 18481 7ff69e192a24 18480->18481 18481->18139 18497 7ff69e1985a0 LocalFree 18481->18497 18483 7ff69e191c60 49 API calls 18483->18487 18484 7ff69e1929a2 18486 7ff69e191e50 81 API calls 18484->18486 18486->18479 18487->18479 18487->18483 18487->18484 18490 7ff69e192989 18487->18490 18491 7ff69e192140 81 API calls 18487->18491 18495 7ff69e192990 18487->18495 19524 7ff69e193990 18487->19524 19530 7ff69e197280 18487->19530 19541 7ff69e1915e0 18487->19541 19589 7ff69e196580 18487->19589 19593 7ff69e1935c0 18487->19593 19637 7ff69e193880 18487->19637 18492 7ff69e191e50 81 API calls 18490->18492 18491->18487 18492->18479 18496 7ff69e191e50 81 API calls 18495->18496 18496->18479 18499 7ff69e191c85 18498->18499 18500 7ff69e1a5864 49 API calls 18499->18500 18501 7ff69e191ca8 18500->18501 18501->18149 18503 7ff69e1988f0 2 API calls 18502->18503 18504 7ff69e197e14 18503->18504 18505 7ff69e1a9114 38 API calls 18504->18505 18506 7ff69e197e26 __std_exception_destroy 18505->18506 18506->18162 18508 7ff69e1939fc 18507->18508 18509 7ff69e1988f0 2 API calls 18508->18509 18510 7ff69e193a24 18509->18510 18511 7ff69e1988f0 2 API calls 18510->18511 18512 7ff69e193a37 
18511->18512 19804 7ff69e1a6ef4 18512->19804 18515 7ff69e19bab0 _log10_special 8 API calls 18516 7ff69e192ceb 18515->18516 18516->18150 18517 7ff69e1973f0 18516->18517 18518 7ff69e197414 18517->18518 18519 7ff69e1974eb __std_exception_destroy 18518->18519 18520 7ff69e19fbcc 73 API calls 18518->18520 18519->18155 18521 7ff69e197430 18520->18521 18521->18519 20195 7ff69e1a87a4 18521->20195 18523 7ff69e19fbcc 73 API calls 18525 7ff69e197445 18523->18525 18524 7ff69e19f894 _fread_nolock 53 API calls 18524->18525 18525->18519 18525->18523 18525->18524 18527 7ff69e19f574 18526->18527 20210 7ff69e19f320 18527->20210 18529 7ff69e19f58d 18529->18150 18531 7ff69e19bdb0 18530->18531 18532 7ff69e191e74 GetCurrentProcessId 18531->18532 18533 7ff69e191c60 49 API calls 18532->18533 18534 7ff69e191ec5 18533->18534 18535 7ff69e1a5864 49 API calls 18534->18535 18536 7ff69e191f02 18535->18536 18537 7ff69e191cc0 80 API calls 18536->18537 18538 7ff69e191f0c 18537->18538 18539 7ff69e19bab0 _log10_special 8 API calls 18538->18539 18540 7ff69e191f1c 18539->18540 18540->18139 18542 7ff69e191c60 49 API calls 18541->18542 18543 7ff69e19392d 18542->18543 18543->18192 18545 7ff69e191c60 49 API calls 18544->18545 18546 7ff69e193a90 18545->18546 18546->18209 18548 7ff69e196235 18547->18548 18549 7ff69e1a5de8 _set_fmode 11 API calls 18548->18549 18552 7ff69e1932b3 18548->18552 18550 7ff69e196242 18549->18550 18551 7ff69e192020 87 API calls 18550->18551 18551->18552 18553 7ff69e1967a0 18552->18553 20221 7ff69e191450 18553->20221 20327 7ff69e1957c0 18621->20327 18641 7ff69e1a627c EnterCriticalSection 18634->18641 18643 7ff69e192a7c GetModuleFileNameW 18642->18643 18643->18334 18643->18335 18645 7ff69e19881f FindClose 18644->18645 18646 7ff69e198832 18644->18646 18645->18646 18647 7ff69e19bab0 _log10_special 8 API calls 18646->18647 18648 7ff69e192ada 18647->18648 18648->18339 18648->18340 18650 7ff69e19bdb0 18649->18650 18651 7ff69e192330 GetCurrentProcessId 18650->18651 18684 7ff69e191d50 
18651->18684 18653 7ff69e19237b 18688 7ff69e1a5ab8 18653->18688 18656 7ff69e191d50 48 API calls 18657 7ff69e1923eb FormatMessageW 18656->18657 18659 7ff69e192424 18657->18659 18660 7ff69e192436 18657->18660 18661 7ff69e191d50 48 API calls 18659->18661 18706 7ff69e191e00 18660->18706 18661->18660 18664 7ff69e19bab0 _log10_special 8 API calls 18665 7ff69e192464 18664->18665 18665->18351 18667 7ff69e1988a0 GetFinalPathNameByHandleW CloseHandle 18666->18667 18668 7ff69e192af0 18666->18668 18667->18668 18668->18347 18668->18348 18670 7ff69e191f54 18669->18670 18671 7ff69e191d50 48 API calls 18670->18671 18672 7ff69e191fa5 18671->18672 18673 7ff69e1a5ab8 48 API calls 18672->18673 18674 7ff69e191fe3 18673->18674 18675 7ff69e191e00 78 API calls 18674->18675 18676 7ff69e192001 18675->18676 18677 7ff69e19bab0 _log10_special 8 API calls 18676->18677 18678 7ff69e192011 18677->18678 18678->18351 18680 7ff69e1989ca WideCharToMultiByte 18679->18680 18682 7ff69e1989f5 18679->18682 18680->18682 18683 7ff69e198a0b __std_exception_destroy 18680->18683 18681 7ff69e198a12 WideCharToMultiByte 18681->18683 18682->18681 18682->18683 18683->18346 18685 7ff69e191d75 18684->18685 18686 7ff69e1a5ab8 48 API calls 18685->18686 18687 7ff69e191d98 18686->18687 18687->18653 18690 7ff69e1a5b12 18688->18690 18689 7ff69e1a5b37 18691 7ff69e1ab6f8 _invalid_parameter_noinfo 37 API calls 18689->18691 18690->18689 18692 7ff69e1a5b73 18690->18692 18694 7ff69e1a5b61 18691->18694 18710 7ff69e1a2da8 18692->18710 18696 7ff69e19bab0 _log10_special 8 API calls 18694->18696 18695 7ff69e1a5c54 18697 7ff69e1ab404 __free_lconv_mon 11 API calls 18695->18697 18699 7ff69e1923bb 18696->18699 18697->18694 18699->18656 18700 7ff69e1a5c29 18703 7ff69e1ab404 __free_lconv_mon 11 API calls 18700->18703 18701 7ff69e1a5c7a 18701->18695 18702 7ff69e1a5c84 18701->18702 18705 7ff69e1ab404 __free_lconv_mon 11 API calls 18702->18705 18703->18694 18704 7ff69e1a5c20 18704->18695 18704->18700 18705->18694 18707 7ff69e191e26 
18706->18707 19028 7ff69e1a5740 18707->19028 18709 7ff69e191e3c 18709->18664 18711 7ff69e1a2de6 18710->18711 18712 7ff69e1a2dd6 18710->18712 18713 7ff69e1a2def 18711->18713 18718 7ff69e1a2e1d 18711->18718 18716 7ff69e1ab6f8 _invalid_parameter_noinfo 37 API calls 18712->18716 18714 7ff69e1ab6f8 _invalid_parameter_noinfo 37 API calls 18713->18714 18715 7ff69e1a2e15 18714->18715 18715->18695 18715->18700 18715->18701 18715->18704 18716->18715 18718->18712 18718->18715 18721 7ff69e1a43f0 18718->18721 18754 7ff69e1a3540 18718->18754 18791 7ff69e1a2330 18718->18791 18722 7ff69e1a44a3 18721->18722 18723 7ff69e1a4432 18721->18723 18726 7ff69e1a44a8 18722->18726 18727 7ff69e1a44fc 18722->18727 18724 7ff69e1a4438 18723->18724 18725 7ff69e1a44cd 18723->18725 18730 7ff69e1a443d 18724->18730 18731 7ff69e1a446c 18724->18731 18814 7ff69e1a12cc 18725->18814 18728 7ff69e1a44aa 18726->18728 18729 7ff69e1a44dd 18726->18729 18733 7ff69e1a4513 18727->18733 18734 7ff69e1a4506 18727->18734 18738 7ff69e1a450b 18727->18738 18732 7ff69e1a444c 18728->18732 18741 7ff69e1a44b9 18728->18741 18821 7ff69e1a0ebc 18729->18821 18730->18733 18736 7ff69e1a4443 18730->18736 18731->18736 18731->18738 18752 7ff69e1a453c 18732->18752 18794 7ff69e1a4ba4 18732->18794 18828 7ff69e1a50f8 18733->18828 18734->18725 18734->18738 18736->18732 18742 7ff69e1a447e 18736->18742 18749 7ff69e1a4467 18736->18749 18738->18752 18832 7ff69e1a16dc 18738->18832 18741->18725 18744 7ff69e1a44be 18741->18744 18742->18752 18804 7ff69e1a4ee0 18742->18804 18744->18752 18810 7ff69e1a4fa4 18744->18810 18746 7ff69e19bab0 _log10_special 8 API calls 18748 7ff69e1a4836 18746->18748 18748->18718 18749->18752 18753 7ff69e1a4728 18749->18753 18839 7ff69e1a5210 18749->18839 18752->18746 18753->18752 18845 7ff69e1afa70 18753->18845 18755 7ff69e1a354e 18754->18755 18756 7ff69e1a3564 18754->18756 18758 7ff69e1a44a3 18755->18758 18759 7ff69e1a4432 18755->18759 18760 7ff69e1a35a4 18755->18760 18757 7ff69e1ab6f8 _invalid_parameter_noinfo 37 API 
calls 18756->18757 18756->18760 18757->18760 18763 7ff69e1a44a8 18758->18763 18764 7ff69e1a44fc 18758->18764 18761 7ff69e1a4438 18759->18761 18762 7ff69e1a44cd 18759->18762 18760->18718 18767 7ff69e1a443d 18761->18767 18768 7ff69e1a446c 18761->18768 18772 7ff69e1a12cc 38 API calls 18762->18772 18765 7ff69e1a44aa 18763->18765 18766 7ff69e1a44dd 18763->18766 18770 7ff69e1a4513 18764->18770 18771 7ff69e1a4506 18764->18771 18775 7ff69e1a450b 18764->18775 18769 7ff69e1a444c 18765->18769 18780 7ff69e1a44b9 18765->18780 18777 7ff69e1a0ebc 38 API calls 18766->18777 18767->18770 18773 7ff69e1a4443 18767->18773 18768->18773 18768->18775 18774 7ff69e1a4ba4 47 API calls 18769->18774 18790 7ff69e1a453c 18769->18790 18776 7ff69e1a50f8 45 API calls 18770->18776 18771->18762 18771->18775 18786 7ff69e1a4467 18772->18786 18773->18769 18778 7ff69e1a447e 18773->18778 18773->18786 18774->18786 18779 7ff69e1a16dc 38 API calls 18775->18779 18775->18790 18776->18786 18777->18786 18781 7ff69e1a4ee0 46 API calls 18778->18781 18778->18790 18779->18786 18780->18762 18782 7ff69e1a44be 18780->18782 18781->18786 18784 7ff69e1a4fa4 37 API calls 18782->18784 18782->18790 18783 7ff69e19bab0 _log10_special 8 API calls 18785 7ff69e1a4836 18783->18785 18784->18786 18785->18718 18787 7ff69e1a5210 45 API calls 18786->18787 18789 7ff69e1a4728 18786->18789 18786->18790 18787->18789 18788 7ff69e1afa70 46 API calls 18788->18789 18789->18788 18789->18790 18790->18783 19011 7ff69e1a0540 18791->19011 18795 7ff69e1a4bca 18794->18795 18857 7ff69e1a00f8 18795->18857 18800 7ff69e1a5210 45 API calls 18801 7ff69e1a4d0f 18800->18801 18802 7ff69e1a5210 45 API calls 18801->18802 18803 7ff69e1a4d9d 18801->18803 18802->18803 18803->18749 18805 7ff69e1a4f15 18804->18805 18806 7ff69e1a4f5a 18805->18806 18807 7ff69e1a4f33 18805->18807 18809 7ff69e1a5210 45 API calls 18805->18809 18806->18749 18808 7ff69e1afa70 46 API calls 18807->18808 18808->18806 18809->18807 18813 7ff69e1a4fc5 18810->18813 18811 7ff69e1ab6f8 

Control-flow Graph: control_flow_graph 0, starting at 7ff69e197e40 (graph not reproduced; legend: Executed / Not Executed)

Memory Dump Source
• Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
• Associated: 00000000.00000002.2627658235.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627705029.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627727908.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627727908.00007FF69E1D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
Similarity
• API ID: ErrorLastMessage$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 4208240515-3165540532
• Opcode ID: 2474af0ddb72a9897968d95ac05e16437d107bcda55c49da42d44140ff8ab908
• Instruction ID: e8ebb39b29636f8d5c603f87cd23d65b050840fcafc6584113a2bb7d04a5b8c9
• Opcode Fuzzy Hash: 2474af0ddb72a9897968d95ac05e16437d107bcda55c49da42d44140ff8ab908
• Instruction Fuzzy Hash: 23D16372E08A8296FB249F74E8902AD3760FFA4758F440276FA5D867A9DF3CD145C720

Control-flow Graph: control_flow_graph 507, starting at 7ff69e1b6e10 (graph not reproduced; legend: Executed / Not Executed)

APIs
• _get_daylight.LIBCMT ref: 00007FF69E1B6E55
  • Part of subcall function 00007FF69E1B67A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69E1B67BC
  • Part of subcall function 00007FF69E1AB404: RtlFreeHeap.NTDLL(?,?,?,00007FF69E1B3F32,?,?,?,00007FF69E1B3F6F,?,?,00000000,00007FF69E1B4435,?,?,?,00007FF69E1B4367), ref: 00007FF69E1AB41A
  • Part of subcall function 00007FF69E1AB404: GetLastError.KERNEL32(?,?,?,00007FF69E1B3F32,?,?,?,00007FF69E1B3F6F,?,?,00000000,00007FF69E1B4435,?,?,?,00007FF69E1B4367), ref: 00007FF69E1AB424
  • Part of subcall function 00007FF69E1AB7E4: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF69E1AB7C3,?,?,?,?,?,00007FF69E1AB6AE), ref: 00007FF69E1AB7ED
  • Part of subcall function 00007FF69E1AB7E4: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF69E1AB7C3,?,?,?,?,?,00007FF69E1AB6AE), ref: 00007FF69E1AB812
• _get_daylight.LIBCMT ref: 00007FF69E1B6E44
  • Part of subcall function 00007FF69E1B6808: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69E1B681C
• _get_daylight.LIBCMT ref: 00007FF69E1B70BA
• _get_daylight.LIBCMT ref: 00007FF69E1B70CB
• _get_daylight.LIBCMT ref: 00007FF69E1B70DC
• GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF69E1B731C), ref: 00007FF69E1B7103
Memory Dump Source
• Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
• Associated: 00000000.00000002.2627658235.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627705029.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627727908.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627727908.00007FF69E1D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time
• API String ID: 4070488512-239921721
• Opcode ID: 828acdfc2d062c2bba75013f4106a30f03ee3c50c626b9d1fde7b9e701faf5c7
• Instruction ID: 813c5f76ce70dd705817a88c553c26484a4b01c38f3f199cd6cc3abc5e62032e
• Opcode Fuzzy Hash: 828acdfc2d062c2bba75013f4106a30f03ee3c50c626b9d1fde7b9e701faf5c7
• Instruction Fuzzy Hash: 7ED1AF26E0824286EB30AF26D8C15B967A1EF74794F484176FA0DC7799DF3CE881C760

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 721 7ff69e1b7b74-7ff69e1b7be7 call 7ff69e1b78a8 724 7ff69e1b7c01-7ff69e1b7c0b call 7ff69e1a93fc 721->724 725 7ff69e1b7be9-7ff69e1b7bf2 call 7ff69e1a5dc8 721->725 730 7ff69e1b7c26-7ff69e1b7c8f CreateFileW 724->730 731 7ff69e1b7c0d-7ff69e1b7c24 call 7ff69e1a5dc8 call 7ff69e1a5de8 724->731 732 7ff69e1b7bf5-7ff69e1b7bfc call 7ff69e1a5de8 725->732 734 7ff69e1b7c91-7ff69e1b7c97 730->734 735 7ff69e1b7d0c-7ff69e1b7d17 GetFileType 730->735 731->732 748 7ff69e1b7f42-7ff69e1b7f62 732->748 738 7ff69e1b7cd9-7ff69e1b7d07 GetLastError call 7ff69e1a5d5c 734->738 739 7ff69e1b7c99-7ff69e1b7c9d 734->739 741 7ff69e1b7d19-7ff69e1b7d54 GetLastError call 7ff69e1a5d5c CloseHandle 735->741 742 7ff69e1b7d6a-7ff69e1b7d71 735->742 738->732 739->738 746 7ff69e1b7c9f-7ff69e1b7cd7 CreateFileW 739->746 741->732 755 7ff69e1b7d5a-7ff69e1b7d65 call 7ff69e1a5de8 741->755 744 7ff69e1b7d73-7ff69e1b7d77 742->744 745 7ff69e1b7d79-7ff69e1b7d7c 742->745 752 7ff69e1b7d82-7ff69e1b7dd7 call 7ff69e1a9314 744->752 745->752 753 7ff69e1b7d7e 745->753 746->735 746->738 760 7ff69e1b7dd9-7ff69e1b7de5 call 7ff69e1b7ab0 752->760 761 7ff69e1b7df6-7ff69e1b7e27 call 7ff69e1b7628 752->761 753->752 755->732 760->761 768 7ff69e1b7de7 760->768 766 7ff69e1b7e29-7ff69e1b7e2b 761->766 767 7ff69e1b7e2d-7ff69e1b7e6f 761->767 769 7ff69e1b7de9-7ff69e1b7df1 call 7ff69e1ab968 766->769 770 7ff69e1b7e91-7ff69e1b7e9c 767->770 771 7ff69e1b7e71-7ff69e1b7e75 767->771 768->769 769->748 774 7ff69e1b7f40 770->774 775 7ff69e1b7ea2-7ff69e1b7ea6 770->775 771->770 773 7ff69e1b7e77-7ff69e1b7e8c 771->773 773->770 774->748 775->774 777 7ff69e1b7eac-7ff69e1b7ef1 CloseHandle CreateFileW 775->777 778 7ff69e1b7ef3-7ff69e1b7f21 GetLastError call 7ff69e1a5d5c call 7ff69e1a953c 777->778 779 7ff69e1b7f26-7ff69e1b7f3b 
777->779 778->779 779->774
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627658235.00007FF69E190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627705029.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627727908.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2627727908.00007FF69E1D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
Similarity
• API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
• String ID:
• API String ID: 1617910340-0

APIs
• _get_daylight.LIBCMT ref: 00007FF69E1B70BA
  • Part of subcall function 00007FF69E1B6808: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69E1B681C
• _get_daylight.LIBCMT ref: 00007FF69E1B70CB
  • Part of subcall function 00007FF69E1B67A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69E1B67BC
• _get_daylight.LIBCMT ref: 00007FF69E1B70DC
  • Part of subcall function 00007FF69E1B67D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69E1B67EC
  • Part of subcall function 00007FF69E1AB404: RtlFreeHeap.NTDLL(?,?,?,00007FF69E1B3F32,?,?,?,00007FF69E1B3F6F,?,?,00000000,00007FF69E1B4435,?,?,?,00007FF69E1B4367), ref: 00007FF69E1AB41A
  • Part of subcall function 00007FF69E1AB404: GetLastError.KERNEL32(?,?,?,00007FF69E1B3F32,?,?,?,00007FF69E1B3F6F,?,?,00000000,00007FF69E1B4435,?,?,?,00007FF69E1B4367), ref: 00007FF69E1AB424
• GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF69E1B731C), ref: 00007FF69E1B7103
Memory Dump Source
• Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
• Associated: 00000000.00000002.2627658235.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627705029.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627727908.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627727908.00007FF69E1D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time
• API String ID: 3458911817-239921721
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
Similarity
• API ID: CurrentFeaturePresentProcessProcessor
• String ID:
• API String ID: 1010374628-0
Similarity
• API ID: ErrorFileLastModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$hide-early$hide-late$minimize-early$minimize-late$pkg$pyi-contents-directory$pyi-hide-console$pyi-python-flag$pyi-runtime-tmpdir
• API String ID: 2776309574-3325264605
                                                                                                                                                                                                                              • Opcode ID: 9ae7f750cbda2c6fe1b289ef93cae490ad94cd4c015a3c7c99c46b277af9807d
                                                                                                                                                                                                                              • Instruction ID: 20d76ad72b4621590f020c6df664e0134a8dfc8d53bc4db9112961887c4279a3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9ae7f750cbda2c6fe1b289ef93cae490ad94cd4c015a3c7c99c46b277af9807d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C0424F21E0C68291FB399B21B4D52F96691EF75784F8840B2F95EC62D6EF2CE549C320

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E1973F0: _fread_nolock.LIBCMT ref: 00007FF69E19749A
                                                                                                                                                                                                                              • _fread_nolock.LIBCMT ref: 00007FF69E1919FB
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E192020: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF69E191B4A), ref: 00007FF69E192070
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627658235.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627705029.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627727908.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627727908.00007FF69E1D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                              • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                              • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                              • Opcode ID: d342bd050b80ae67081b8d09b78cfe586e9a3ccb02bac190d8dffc1f5b2289e7
                                                                                                                                                                                                                              • Instruction ID: 2d69f020cdce0ad996588d4f8f1ae6404505359ceeb2cca558552a3bd21b289f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d342bd050b80ae67081b8d09b78cfe586e9a3ccb02bac190d8dffc1f5b2289e7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D816E71B0968295EB789B24E0C43B923A1FF68784F444076F98EC7799DE3CE5858760

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627658235.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627705029.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627727908.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627727908.00007FF69E1D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                              • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                              • API String ID: 2050909247-1550345328
                                                                                                                                                                                                                              • Opcode ID: 309e4027ca95412ee9faba42603f6b5579a7da6b534e83076e499c3a5127f610
                                                                                                                                                                                                                              • Instruction ID: 582c1d607a9cec01a9258ab3920dad221f1efb19a7aa0152815412f0e1f0bc8a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 309e4027ca95412ee9faba42603f6b5579a7da6b534e83076e499c3a5127f610
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C2517D61F0864392FA38AB25B4902B96391FF64794F8841B2FE1D87796DF3CE595C320

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetTempPathW.KERNEL32(FFFFFFFF,00000000,?,00007FF69E193101), ref: 00007FF69E197B64
                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00007FF69E193101), ref: 00007FF69E197B6A
                                                                                                                                                                                                                              • CreateDirectoryW.KERNELBASE(?,00007FF69E193101), ref: 00007FF69E197BAC
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E197C90: GetEnvironmentVariableW.KERNEL32(00007FF69E192C4F), ref: 00007FF69E197CC7
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E197C90: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF69E197CE9
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E1A9114: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69E1A912D
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627658235.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627705029.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627727908.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627727908.00007FF69E1D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Environment$CreateCurrentDirectoryExpandPathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                              • API String ID: 365913792-1339014028
                                                                                                                                                                                                                              • Opcode ID: 2e52d3a269ba2fba32a796f721e029391d2490e1255413ade70f9a334cfbb104
                                                                                                                                                                                                                              • Instruction ID: 2f899ee456f5af8910dd103f0980fada7f89c7e42d15ee693dd5060d565c332f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e52d3a269ba2fba32a796f721e029391d2490e1255413ade70f9a334cfbb104
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E4418F21F1D64252FA34EB25E8D52F96291FF68B90F8440B1FD0EC7796DE3CE5458260

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627658235.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627705029.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627727908.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627727908.00007FF69E1D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                              • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                              • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                              • Opcode ID: 0b06fb82d533cb4ecd4f46c144013089fd3ee3de2826cfc27ffae7048b7c178b
                                                                                                                                                                                                                              • Instruction ID: 5f24e14aa1e1b619edb470d4464151d3af3cdc3853ec66c01bb5db9ece5c4cc3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0b06fb82d533cb4ecd4f46c144013089fd3ee3de2826cfc27ffae7048b7c178b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9651E122B0868241EA78AB11B4803BA62A1FFA57A4F484175FD4DC7BC5EF3CE585C720

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,00007FF69E192BC5), ref: 00007FF69E192AA1
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF69E192BC5), ref: 00007FF69E192AAB
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E192310: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF69E192AC6,?,00007FF69E192BC5), ref: 00007FF69E192360
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E192310: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF69E192AC6,?,00007FF69E192BC5), ref: 00007FF69E19241A
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627658235.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627705029.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627727908.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627727908.00007FF69E1D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentErrorFileFormatLastMessageModuleNameProcess
                                                                                                                                                                                                                              • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                              • API String ID: 4002088556-2863816727
                                                                                                                                                                                                                              • Opcode ID: aed140f8d8e2637361ba54921802919f4f3b7eb641456186ceb893f60fbbd120
                                                                                                                                                                                                                              • Instruction ID: 573240ce2c2d56d649bc6abb3620cdb0e0dfc17d8a6449be81371fe29533e2b5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aed140f8d8e2637361ba54921802919f4f3b7eb641456186ceb893f60fbbd120
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 52217F21F1864691FB749B21F8853BA2394FFA8794F8001B2F55EC66E9EE2CE505C724

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627658235.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627705029.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627727908.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627727908.00007FF69E1D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 80356c07d7716e3a33c0607b4436fae4fe86914692bbbcb11f6e9f741b23577c
                                                                                                                                                                                                                              • Instruction ID: 916c05f46c9f49f610706a61eefaca6229687c7fa24c08b119aedc524c1ab6f5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 80356c07d7716e3a33c0607b4436fae4fe86914692bbbcb11f6e9f741b23577c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 49C1E122A4C78291E7708B1594842BD3B99FFA1BE0F5941B1FA4E83791DF7DE84D8320

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627658235.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627705029.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627727908.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627727908.00007FF69E1D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 995526605-0
                                                                                                                                                                                                                              • Opcode ID: 2dbe312e9bad51c5a347f8555ec24f0658a64836a3ba09d3ac23aad2f9ca70f7
                                                                                                                                                                                                                              • Instruction ID: 07247fabcd9947f17e70951a10ea1753b425517c27480a277b1d826e30f1b5d8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2dbe312e9bad51c5a347f8555ec24f0658a64836a3ba09d3ac23aad2f9ca70f7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A215131E0C64282EA249B55F4C023AA3A1FFA57A0F180675FAAC87BE8DF6CD5558710

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E1979D0: GetCurrentProcess.KERNEL32 ref: 00007FF69E1979F0
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E1979D0: OpenProcessToken.ADVAPI32 ref: 00007FF69E197A03
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E1979D0: GetTokenInformation.KERNELBASE ref: 00007FF69E197A28
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E1979D0: GetLastError.KERNEL32 ref: 00007FF69E197A32
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E1979D0: GetTokenInformation.KERNELBASE ref: 00007FF69E197A72
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E1979D0: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF69E197A8E
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E1979D0: CloseHandle.KERNELBASE ref: 00007FF69E197AA6
                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00007FF69E193099), ref: 00007FF69E19865C
                                                                                                                                                                                                                              • LocalFree.KERNEL32 ref: 00007FF69E198665
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627658235.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627705029.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627727908.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627727908.00007FF69E1D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                              • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                              • API String ID: 6828938-1529539262
                                                                                                                                                                                                                              • Opcode ID: f26ec0dcd69835f1fdfab6917ff37eee5f64ab48aaa57a2c57790bee01b0605b
                                                                                                                                                                                                                              • Instruction ID: 9cb132cbf4c113a26937366a41c51570035f46dcd734d439742ad5d6cffb13a1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f26ec0dcd69835f1fdfab6917ff37eee5f64ab48aaa57a2c57790bee01b0605b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E218231E0874291F664AB10F8853EA6351FFA8780F444076FA4E97796DF3CD544C760


                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • CreateDirectoryW.KERNELBASE(00000000,?,00007FF69E1928EC,FFFFFFFF,00000000,00007FF69E19336A), ref: 00007FF69E197392
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateDirectory
                                                                                                                                                                                                                              • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                              • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                              • Opcode ID: 8e574211d35a3454bd1f80bb928e77a822a66f29249788f56d1187a589c5086b
                                                                                                                                                                                                                              • Instruction ID: e4c00158b9fc8b71af9fb3c49f0d97510401c8389067f31663fabd7582d0ec40
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e574211d35a3454bd1f80bb928e77a822a66f29249788f56d1187a589c5086b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9131C821B19AC585EA319B21F8907FA6354EF64BE0F444271FEAD877C9DF2CD2458720

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF69E1ADDEB), ref: 00007FF69E1ADF1C
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF69E1ADDEB), ref: 00007FF69E1ADFA7
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 953036326-0
                                                                                                                                                                                                                              • Opcode ID: b1b3b8c023f7ba687af61716d2192fb8b78e81e0c789d7bf84049ae76950eea3
                                                                                                                                                                                                                              • Instruction ID: abd8d3f4ad9fbfeee6452d04125e30808b7cfa1b067ed0abcd2f48ec8d5de8e3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b1b3b8c023f7ba687af61716d2192fb8b78e81e0c789d7bf84049ae76950eea3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AB91A362F48A5185F7709F6594C03BD2BA0FB64BACF1441B9EE0E97685DF38D48AC320
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4170891091-0
                                                                                                                                                                                                                              • Opcode ID: 2e6031cc300e1475187715cca5cdabb73b1d07b9bdc859d286f3c4b7aef44358
                                                                                                                                                                                                                              • Instruction ID: b8ff684ad1d51848f6c7bfd5755aa82884d88d53649b369e382567a2f4dea23b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e6031cc300e1475187715cca5cdabb73b1d07b9bdc859d286f3c4b7aef44358
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E510372F14212CAEB34DF65D9D56BC27A1EB20358F580279FD1E92BE8DF38A5428710
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2780335769-0
                                                                                                                                                                                                                              • Opcode ID: 7aea2cec07b43bd3a62d7cb92d6e4f171015a752618fb1c816dd601643431e78
                                                                                                                                                                                                                              • Instruction ID: a4b99929a05b1363b9da7f3ac5dc4578883b3de9b461f27a8552aa54551856a8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7aea2cec07b43bd3a62d7cb92d6e4f171015a752618fb1c816dd601643431e78
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D4519222E186418AF724CFB0D4803BD33A5EF64B68F154574EE0E97648DF38D489C760
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1279662727-0
                                                                                                                                                                                                                              • Opcode ID: 615a019661923f18b870c88d8c8c2e3de58a1ea0c3f5553ccf0a12bc46e2c946
                                                                                                                                                                                                                              • Instruction ID: 972609c09b9ddc3f1ffd108bbdd87e9af2ca35b4acaad9bf9a05c08f5190d361
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 615a019661923f18b870c88d8c8c2e3de58a1ea0c3f5553ccf0a12bc46e2c946
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BA41A162E1878283E7649B2195903797260FFB5764F109374F66C83AD6DF7CE4E48720
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 919e35f825c4b2d0c47f1daa14334d7665f7d6761e0e1dfe6f75020668a0049a
                                                                                                                                                                                                                              • Instruction ID: 1be00c53b70dbf55f9fb0da38f5a166946e9329541ed1591f933b121ae1f373c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 919e35f825c4b2d0c47f1daa14334d7665f7d6761e0e1dfe6f75020668a0049a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F3510821F09B8296FA789E25A48067A6291FF68BB4F144774FD7C877D9CF3CE4418620
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1236291503-0
                                                                                                                                                                                                                              • Opcode ID: 0062f537d7c131bdaaf4aef5eb59421e6e9ee6bfc8727e8bca4d357a962c4ab6
                                                                                                                                                                                                                              • Instruction ID: dc87d0d1e768ca5f01d2cefcf49844a80befc7fc0432e0402bb41aadc727254f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0062f537d7c131bdaaf4aef5eb59421e6e9ee6bfc8727e8bca4d357a962c4ab6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 04311B21E4C20342FA74ABA5A4D13B91291EFA5784F4440B5FA8DCB7D7DE2CB4448671
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FileHandleType
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3000768030-0
                                                                                                                                                                                                                              • Opcode ID: 336ff322d096320c7609ad2a1ebfb1af701ecd8db59b0b6a36a9cc413741d25d
                                                                                                                                                                                                                              • Instruction ID: 08485d938d39b7223dce87a1134b404a4e4fa376a58007fb0efd60f92f524b86
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 336ff322d096320c7609ad2a1ebfb1af701ecd8db59b0b6a36a9cc413741d25d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2531B362A18F4581EB348B1585D027C6650FF65BB4F6903B9EB6E873E0CF38E4A5C310
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF69E1ACFC0,?,?,?,00000000,?,00007FF69E1AD0C9), ref: 00007FF69E1AD020
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,00007FF69E1ACFC0,?,?,?,00000000,?,00007FF69E1AD0C9), ref: 00007FF69E1AD02A
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                                                                                                              • Opcode ID: c8d9032d6f18d1acbd55ff3d5784a6e8b9f1708e95d0104a6ada3112851001ef
                                                                                                                                                                                                                              • Instruction ID: 543f56c799c393360bac886190e69c6aee036643aa23b23035274b0bf5596ae3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8d9032d6f18d1acbd55ff3d5784a6e8b9f1708e95d0104a6ada3112851001ef
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A611C461A08B4181DA208B25F58417D6361EB54BF4F540771FE7D8B7D9CF7CD0558704
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF69E1A6795), ref: 00007FF69E1A68B3
                                                                                                                                                                                                                              • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF69E1A6795), ref: 00007FF69E1A68C9
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
• Associated: 00000000.00000002.2627658235.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627705029.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627727908.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627727908.00007FF69E1D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1707611234-0
                                                                                                                                                                                                                              • Opcode ID: 3a94ee504119d0a5112130d15b8324ff604b1d1e2425208ec9014ecb5db7cc3c
                                                                                                                                                                                                                              • Instruction ID: 6132af5755202f9644e71be222681d4778315cd74f8b49e077f8d86519a56395
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3a94ee504119d0a5112130d15b8324ff604b1d1e2425208ec9014ecb5db7cc3c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B111A331A0C65681EB748B11A48113EB760FB95771F51027AFA9EC1AE8EF7CD048CB10
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlFreeHeap.NTDLL(?,?,?,00007FF69E1B3F32,?,?,?,00007FF69E1B3F6F,?,?,00000000,00007FF69E1B4435,?,?,?,00007FF69E1B4367), ref: 00007FF69E1AB41A
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF69E1B3F32,?,?,?,00007FF69E1B3F6F,?,?,00000000,00007FF69E1B4435,?,?,?,00007FF69E1B4367), ref: 00007FF69E1AB424
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 485612231-0
                                                                                                                                                                                                                              • Opcode ID: 0e9bd81d70d272d571b15e7d509907a6bc8aa23799849ce19584cafaa201c9c5
                                                                                                                                                                                                                              • Instruction ID: 8fadb2bb18ef992cef606f2fe410f866240c901eee22bf2c8df04c646928ebb3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0e9bd81d70d272d571b15e7d509907a6bc8aa23799849ce19584cafaa201c9c5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2EE0EC90F4D64282FF396BF298D91782591DFB8760B4844B4F90ED7366DF2CA8898330
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • CloseHandle.KERNELBASE(?,?,?,00007FF69E1AB87D,?,?,00000000,00007FF69E1AB932), ref: 00007FF69E1ABA6E
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF69E1AB87D,?,?,00000000,00007FF69E1AB932), ref: 00007FF69E1ABA78
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 918212764-0
                                                                                                                                                                                                                              • Opcode ID: 77e2bcd66fe63b7e32e9c420d5456187ea64b38b498190725808e49f9c0985ab
                                                                                                                                                                                                                              • Instruction ID: b009b451a414f05f670a56cba398d0f7075b6ebfa9906927bb8137a733417eb8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 77e2bcd66fe63b7e32e9c420d5456187ea64b38b498190725808e49f9c0985ab
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE219F61F4868241FE746B25A4D92BD1281DFA47B0F0442B5FA2ECB3D2DE6CE4C94320
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: cef91153d0287460df793cf75ca837be229cde64a0ee5071419af57252f7b7cb
                                                                                                                                                                                                                              • Instruction ID: 40202bdea925d03a5a4d5c8ad722f144feb6d2391889fb6b8d97333ca5afc71d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cef91153d0287460df793cf75ca837be229cde64a0ee5071419af57252f7b7cb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A41A232A4864187EA34DB19E5802B97BA4EF76BA0F140171E78EC76D1CF3CE446C761
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _fread_nolock
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 840049012-0
                                                                                                                                                                                                                              • Opcode ID: bc451c1bb998497f3b6f91ccb9b977b5a062c4553cc5acf2a4cf65de4beec71f
                                                                                                                                                                                                                              • Instruction ID: e521d1b28f8217583aaf9bd3ec9d33ed1dd49639a0384384c5f1f48a6a6e0f12
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bc451c1bb998497f3b6f91ccb9b977b5a062c4553cc5acf2a4cf65de4beec71f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3B219421B0869257FA309A16B9847BA9A41FF65BD4F8844B0FD0D87787CF3CE045C210
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
• Associated: 00000000.00000002.2627658235.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627705029.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627727908.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627727908.00007FF69E1D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF69E19C390
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E19CDB8: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF69E19CDC0
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E19CDB8: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF69E19CDC5
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1208906642-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(?,?,00000000,00007FF69E1AC1CA,?,?,?,00007FF69E1A5DF1,?,?,?,?,00007FF69E1AB332), ref: 00007FF69E1AFDF9
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4292702814-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(?,?,?,00007FF69E1A0208,?,?,?,00007FF69E1A1872,?,?,?,?,?,00007FF69E1A4535), ref: 00007FF69E1AE6A2
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4292702814-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF69E19592F,00000000,00007FF69E19272E), ref: 00007FF69E194C70
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF69E19592F,00000000,00007FF69E19272E), ref: 00007FF69E194C82
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF69E19592F,00000000,00007FF69E19272E), ref: 00007FF69E194CB9
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF69E19592F,00000000,00007FF69E19272E), ref: 00007FF69E194CCB
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF69E19592F,00000000,00007FF69E19272E), ref: 00007FF69E194CE4
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF69E19592F,00000000,00007FF69E19272E), ref: 00007FF69E194CF6
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF69E19592F,00000000,00007FF69E19272E), ref: 00007FF69E194D0F
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF69E19592F,00000000,00007FF69E19272E), ref: 00007FF69E194D21
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF69E19592F,00000000,00007FF69E19272E), ref: 00007FF69E194D3D
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF69E19592F,00000000,00007FF69E19272E), ref: 00007FF69E194D4F
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF69E19592F,00000000,00007FF69E19272E), ref: 00007FF69E194D6B
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF69E19592F,00000000,00007FF69E19272E), ref: 00007FF69E194D7D
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF69E19592F,00000000,00007FF69E19272E), ref: 00007FF69E194D99
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF69E19592F,00000000,00007FF69E19272E), ref: 00007FF69E194DAB
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF69E19592F,00000000,00007FF69E19272E), ref: 00007FF69E194DC7
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF69E19592F,00000000,00007FF69E19272E), ref: 00007FF69E194DD9
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF69E19592F,00000000,00007FF69E19272E), ref: 00007FF69E194DF5
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF69E19592F,00000000,00007FF69E19272E), ref: 00007FF69E194E07
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressErrorLastProc
                                                                                                                                                                                                                              • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                              • API String ID: 199729137-653951865
                                                                                                                                                                                                                              • Opcode ID: 6de625b0afea0fd6aae27801294b81f6dcb0a9a8ec30d5caabbdf6c35f3913e6
                                                                                                                                                                                                                              • Instruction ID: d3642ea2e8e426fdec87c7a4fbe80a9d74c528f799cb8a2b259d0cdacf473757
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6de625b0afea0fd6aae27801294b81f6dcb0a9a8ec30d5caabbdf6c35f3913e6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B22A674D0DB0B95FA799B64B8D467823A4EF34785B9814B5F40E82368EF3CB589C231
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
• Associated: 00000000.00000002.2627658235.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627705029.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627727908.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627727908.00007FF69E1D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                              • API String ID: 808467561-2761157908
                                                                                                                                                                                                                              • Opcode ID: c4575524e8ee86fd9a87cba2ac56affb94fab6ef5813881534f138d5465f61b4
                                                                                                                                                                                                                              • Instruction ID: bfe1afa5c8f548d2f6277e67e0da7e128d2b18ec3fb60c551460e22a6c8cad30
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c4575524e8ee86fd9a87cba2ac56affb94fab6ef5813881534f138d5465f61b4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 74B2B172E182828BE7758F65D5807FD37A2FB64388F585175EA0D97B88DF38E9008B50
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                              • String ID: %s\*
                                                                                                                                                                                                                              • API String ID: 1057558799-766152087
                                                                                                                                                                                                                              • Opcode ID: a59324ccc20e9abc9d1c8baff1f563e98a4915fa2aaf86765e83aa4fac58e8fb
                                                                                                                                                                                                                              • Instruction ID: 35f91e830464491859b42c58a147148c85f717f18738a0651b53f28f65b0226b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a59324ccc20e9abc9d1c8baff1f563e98a4915fa2aaf86765e83aa4fac58e8fb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B413121E1C94692EA309B24F4C42BD63A1FFA4764F940672F99EC3698DF3CD54AC750
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                              • API String ID: 0-2665694366
                                                                                                                                                                                                                              • Opcode ID: ad07e8188c613946626f78378622a9a621fd1c9396756703324ddb84a9a7dc26
                                                                                                                                                                                                                              • Instruction ID: 2df0d710d6232a3e1e3b57d2d2685e7d7d80d6d4bf311e5eb2f8d0538b8b2cd1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ad07e8188c613946626f78378622a9a621fd1c9396756703324ddb84a9a7dc26
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1152E576A146A68BE7648F14E498B7E3BA9FB54340F054139F64AC7780DF3DE944CB10
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3140674995-0
                                                                                                                                                                                                                              • Opcode ID: 4c3f9a964b5662b5dbbc0689ef1495c1f66ffbf8daaed71a8dc58c0a28c42fd7
                                                                                                                                                                                                                              • Instruction ID: 48d8fc9ba8795f670667c0c656e05ca22a1300938ae2322315dd79c9dadac135
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4c3f9a964b5662b5dbbc0689ef1495c1f66ffbf8daaed71a8dc58c0a28c42fd7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B314172A08B8186EB749F60E8807EE7364FB94744F44407AEA4D87B98DF38D648C720
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1239891234-0
                                                                                                                                                                                                                              • Opcode ID: c2ba82a54335b4e9d04d7430b1e7b135fe56bba1662feab656e26de9ce49381a
                                                                                                                                                                                                                              • Instruction ID: 02b87f0e702df08b2c726129fb5cd14f62dbd9b47dc2ac2e430f8e6b3417860f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c2ba82a54335b4e9d04d7430b1e7b135fe56bba1662feab656e26de9ce49381a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E6315E32A08F8186EB748F25E8807AE73A4FB98754F540176EA9D83B59DF38C545CB10
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
• Associated: 00000000.00000002.2627658235.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627705029.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627727908.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627727908.00007FF69E1D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2227656907-0
                                                                                                                                                                                                                              • Opcode ID: f48cdeeaa627aae7c3eec5e50addf66f248ab40f3829e93bfdfbfe5e0fd658b4
                                                                                                                                                                                                                              • Instruction ID: 956beb202ab77a13739cdc004e267d500a4d63bb8865a9ec81726f8d36cf56dc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f48cdeeaa627aae7c3eec5e50addf66f248ab40f3829e93bfdfbfe5e0fd658b4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CBB1B722F1869241EB719B21E5806B963A1FB68BE4F484171FE5E87BDDDE3CE449C310
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                                                                                              • Opcode ID: d3533d9dc536a73865986143b90d72cf7f467817cff5a9e1fc853e7b0dbb7422
                                                                                                                                                                                                                              • Instruction ID: fb7dcd82c348df1762a924d6e86c066ad9c6bc81028ad29900b25556172e59f7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d3533d9dc536a73865986143b90d72cf7f467817cff5a9e1fc853e7b0dbb7422
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 93115A26B14F058AEB10DF60E8942B833A4FB28758F040E31EA6D827A8DF3CD1948350
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcpy_s
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1502251526-0
                                                                                                                                                                                                                              • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                              • Instruction ID: 8b9598c42af2be669f837b758dad462e972c2f3554ae0d254eaf521387dca06f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0DC1D672F1968687E734CF59A08466AB792FBA4784F488175EB4E87748DF3DE801CB40
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                                              • API String ID: 0-1127688429
                                                                                                                                                                                                                              • Opcode ID: 6e2020b5cb39277fe5e5e4e5c4a13ab7fb1d5b65fd85fadca5bee3537132e9f6
                                                                                                                                                                                                                              • Instruction ID: 845ce4bf32c0b3fbee4ac7524b7bb62ce6b013942fa0ff5df7e9f02228213a67
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6e2020b5cb39277fe5e5e4e5c4a13ab7fb1d5b65fd85fadca5bee3537132e9f6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CBF19F72A183D58BE7B58B15E4C8A3E3AE9FF64744F0645B9EA4987390CF38E940C750
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 15204871-0
                                                                                                                                                                                                                              • Opcode ID: cc6ff36f15a987c5b1bf507e00e0aa7011c6f5d0d309d4bd8392734804a295b4
                                                                                                                                                                                                                              • Instruction ID: 5e4436b9dec1f57399b737655dfab4b1619403b50869bb334f8268a4fe053bd6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cc6ff36f15a987c5b1bf507e00e0aa7011c6f5d0d309d4bd8392734804a295b4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 48B15E73A04B898BE725CF29C58636C7BA0F754B88F198961EB5D837A8CF39D451C710
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
• Associated: 00000000.00000002.2627658235.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627705029.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627727908.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627727908.00007FF69E1D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: $
                                                                                                                                                                                                                              • API String ID: 0-227171996
                                                                                                                                                                                                                              • Opcode ID: 0021d0b55369085dcf1ff5482033bdc548e1137304a7c6608840e23669f70ad1
                                                                                                                                                                                                                              • Instruction ID: eeb3061ef5102ec6083c7cac81c875e601fb4893208a9fb73bf95a11c3fb2575
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0021d0b55369085dcf1ff5482033bdc548e1137304a7c6608840e23669f70ad1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ECE13772A4864282EB788F2990D013D33A0FF65B68F144275EA5E83794CF3DE849C768
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                                              • API String ID: 0-900081337
                                                                                                                                                                                                                              • Opcode ID: 54a98338222019f7aed6b75a4533e603b1a02d8b4749202910f179bc825ff2c3
                                                                                                                                                                                                                              • Instruction ID: 4ffde71a9676dc730c0bff78f351f8516a3352d53b97dc854e9ea58b72e59cff
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 54a98338222019f7aed6b75a4533e603b1a02d8b4749202910f179bc825ff2c3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 04919676A182868BE7B48B14E4C8B7E3AA9FB54354F154179EA4AC77C0CF3CE944CB10
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: e+000$gfff
                                                                                                                                                                                                                              • API String ID: 0-3030954782
                                                                                                                                                                                                                              • Opcode ID: 8b6ee54fbb186269fe71b90b1026ad24f386125e73444afbdf5cadaf5bd6b187
                                                                                                                                                                                                                              • Instruction ID: 1e950ae80326c0ce83336d026d28ccff9488ddb007c2ee14d3ead53b55c85313
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8b6ee54fbb186269fe71b90b1026ad24f386125e73444afbdf5cadaf5bd6b187
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D515B62B182C546E7348A35E98077D6791F768BA4F488271EBA8C7EC5CE3DD4498710
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: gfffffff
                                                                                                                                                                                                                              • API String ID: 0-1523873471
                                                                                                                                                                                                                              • Opcode ID: 1e22957b1159dd03df7ccd337d5a67203babfefd7ac1e182ea12ea91d3eef3d6
                                                                                                                                                                                                                              • Instruction ID: 661721e568ffc2728cc1c1093355951891b84b66438b1725ab51dea8bebc5249
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e22957b1159dd03df7ccd337d5a67203babfefd7ac1e182ea12ea91d3eef3d6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EBA16A62B087C686EB31CF2590807B97B91EB60BE4F448072EE4D87785DE3DE44AC711
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: TMP
                                                                                                                                                                                                                              • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                              • Opcode ID: 99790e8c3e6fb60506200e2aa0b8d900239d419619a9b9dba0657c5dbd7d84e4
                                                                                                                                                                                                                              • Instruction ID: 7c04cd8213ebf835f9e8c67a3cc822a89bc83568293f85fceeff0ac5fb00bdf4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 99790e8c3e6fb60506200e2aa0b8d900239d419619a9b9dba0657c5dbd7d84e4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8351A311F8834241FE74AB66758157A6291EFA4BE4F4844B4FE0DC7796DE3CE48A8220
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: HeapProcess
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 54951025-0
                                                                                                                                                                                                                              • Opcode ID: 8d8bf03bc1d3c2add78311a657f4b90d934f15b0b18570f2c87e070252fc9345
                                                                                                                                                                                                                              • Instruction ID: 2cf860dd5ea5cc6ef4267e0cf2b9fc783ab16e04a0139d8c8fde93afb3bfec9a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8d8bf03bc1d3c2add78311a657f4b90d934f15b0b18570f2c87e070252fc9345
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47B09224E17A02C6EA582B916CC231822A4BF68710F9844B9E00C81320DE2C20EA5720
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 452a8a0d8feebdf1122eaccf447c44c0daa3d090f9a155463ed8f505442a48ba
                                                                                                                                                                                                                              • Instruction ID: 2e773ceddcebc050232eed696c5dc546970f27ead5007a71d576ad9a30afd35f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 452a8a0d8feebdf1122eaccf447c44c0daa3d090f9a155463ed8f505442a48ba
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 91E1E426A4824282EB789E25C1C027D27A1FFA0B64F144175EE4E877D9CF3DE84DD369
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: c1d7b7b3454c8bcad5c9b4cf135b982f8fa5d1e780f0237f0391cdb5e6506841
                                                                                                                                                                                                                              • Instruction ID: 4ce22bda59483f1a482eb3f32a4ad59e62b7b2cca55ad04f15a56be1538e0d38
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c1d7b7b3454c8bcad5c9b4cf135b982f8fa5d1e780f0237f0391cdb5e6506841
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60E1D672A4864285E7788E28C1D437C2791EB65B74F148275EE4EC76D6CF3DE889C360
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 5cd5c4a82e290d99fc75fabc4b345746dc03237e35c2450d1ffc439358ea8dbf
                                                                                                                                                                                                                              • Instruction ID: a27a537081519b00b2a790f255f0f80769a4a93fe4fcc1d977b44a4e60be24d3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5cd5c4a82e290d99fc75fabc4b345746dc03237e35c2450d1ffc439358ea8dbf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 62D1E832A4864285EB798E29C48037D27A0FF65B68F544276EE0DC76D6DF3DE849C360
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 6192ed08a1a978d00d287ecd5f622c1b7fed234d7f6e4ec670f252232e35394f
                                                                                                                                                                                                                              • Instruction ID: 0d8194af921354ec66e4d3336148f172983516543e80ee77bdd7c253fbe6b469
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6192ed08a1a978d00d287ecd5f622c1b7fed234d7f6e4ec670f252232e35394f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 67C19AB22141E14BD299DB29E46957B73E1F798389BC4807BEF8B47B85CA3CE014D711
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: f16fb8a4f792395a96249c32a5e1723cb20c7f6a9977c10f3922fef282cb15bd
                                                                                                                                                                                                                              • Instruction ID: 98eeb5c3079dda25cda4230cd5edf9a3cb4742a3a729351dd1259ee08091471b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f16fb8a4f792395a96249c32a5e1723cb20c7f6a9977c10f3922fef282cb15bd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5AB1BE72A4964185E7749F39C1A027D3BA0FB2DB68F1841B5EE4D87399DF39D848C720
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
• Associated: 00000000.00000002.2627658235.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627705029.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627727908.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627727908.00007FF69E1D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2627769092.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 7c9c7dfd85d7e05c9dc9b7e40d932aad9843605f203f1a6a08d3cc10701c718b
                                                                                                                                                                                                                              • Instruction ID: 73f81e90901f900a22a1fe3a71833c65caee87b46816fd553d1f0f026e189759
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c9c7dfd85d7e05c9dc9b7e40d932aad9843605f203f1a6a08d3cc10701c718b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AF51B3B6B5865186E7388B29C08027837B1EB64F68F284171EE4C87795CF3AEC47C790
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 7710b6301a9c53c0f35ccf6fc131232db227f89fb6367f1206a3fe51f4b04988
                                                                                                                                                                                                                              • Instruction ID: 28669a959dfdffa5579454b20291d245f827a4a94f542271d2a1be73e9dbc83f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7710b6301a9c53c0f35ccf6fc131232db227f89fb6367f1206a3fe51f4b04988
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A651B3B6B5865186E7388B29C08427837B0EB65F78F284171EE4DC7795CF3AE846C750
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 3b300af1d1946d5df55db44b3d4e0876ae34829a82d49cb6751e26c04e9c1898
                                                                                                                                                                                                                              • Instruction ID: 0a1ef28aa302dd27a5ce6d9fe356656e922c5266a3912cd13d1db009d7097b42
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b300af1d1946d5df55db44b3d4e0876ae34829a82d49cb6751e26c04e9c1898
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE519037A58651C6E7348B29C08023937A0EB65B68F244171EE4D977A4CF3AF84BC750
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                              • Instruction ID: 7d33216871b1c88e7dbad5fe8c7a47ea47245fb44727557a96b461823f761ee1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B419F5288978E45E9B5C968C5846B83A80DF32BF0F5852F0EDE9D73D7CD1D259E8220
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 485612231-0
                                                                                                                                                                                                                              • Opcode ID: 8ebaae5e878847fb0972dee39ef615be72aee41a86628d284291b13d6747971f
                                                                                                                                                                                                                              • Instruction ID: 07c30b0de13817b69e0b783730c5cab22065d8588c155c94df1589400cff9293
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8ebaae5e878847fb0972dee39ef615be72aee41a86628d284291b13d6747971f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7C41D362714A5582EF18CF2AD99417DA3A2FB58FD0F099036EE0DD7B68DE3CD0468300
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 3b4b82ba6feb1f2c625fcdd7b78fc6310e7e433b3778e25011fb45a65c2c329c
                                                                                                                                                                                                                              • Instruction ID: 78f0ec45a89b30169bfe873da0c9cd20825b8d1c43bf961cf4e77018fb90a968
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b4b82ba6feb1f2c625fcdd7b78fc6310e7e433b3778e25011fb45a65c2c329c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FA31B432B08B8242EB749F25758013D7698EF94BE0F184278FA9E93B96DF3CD0468314
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 00e5edaf8da66d94c9ca9aff6d9c04a456296df9a737362746998e6ef114c740
                                                                                                                                                                                                                              • Instruction ID: 0f419fedd4a8058c6486c42aaf8f6416702dba7509df4846452b6229a4211140
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 00e5edaf8da66d94c9ca9aff6d9c04a456296df9a737362746998e6ef114c740
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 10F06871B282959ADBA4CF2DA44362977E0F7183C0F90807AE68DC3B04DB7CD0508F14
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: c92d020b70be0a3987cc02b3edb33e09e79c2d1aa04247a81d94d631aa8b8d9b
                                                                                                                                                                                                                              • Instruction ID: 3d451c750005e850dd04cb4d8655cf118f0bb26f834e89fd84e6e782a342b583
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c92d020b70be0a3987cc02b3edb33e09e79c2d1aa04247a81d94d631aa8b8d9b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4FA00121918882D0F6689B00A9A41206361FB75300B8600F5E05D811A89F6CA4408260
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressErrorLastProc
                                                                                                                                                                                                                              • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                              • API String ID: 199729137-3427451314
                                                                                                                                                                                                                              • Opcode ID: 3545b632f7dd823c1b1133c9911c0dd850097e31ef49371059c2c54a7d8a6d57
                                                                                                                                                                                                                              • Instruction ID: a931f7f5b940a0105a9df27c3afbf2d041e0b9a486986414c3289a400095341b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3545b632f7dd823c1b1133c9911c0dd850097e31ef49371059c2c54a7d8a6d57
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1B029664E0DB0791FA799B64B9D46B82361FF38784B8805F5F40E86368EF3CA549C231
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E1988F0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF69E193A24,00000000,00007FF69E191965), ref: 00007FF69E198929
                                                                                                                                                                                                                              • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF69E197B17,FFFFFFFF,00000000,?,00007FF69E193101), ref: 00007FF69E19768C
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                                                                                                                                                                              • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                              • API String ID: 2001182103-930877121
                                                                                                                                                                                                                              • Opcode ID: 707c7b7851dfd3ef8d883f7eed24ffe0d7b91c1d10e5f50f89d3ac19d4dd3b00
                                                                                                                                                                                                                              • Instruction ID: cf22801d48563de100967e01b3eb1e6f6f89d88a652893506da683d61c7fe9ef
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 707c7b7851dfd3ef8d883f7eed24ffe0d7b91c1d10e5f50f89d3ac19d4dd3b00
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 31519621F2C64252FA78DB25F9D56FA2251FFB4780F4404B2F90EC2699EE2CE1458760
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                                              • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                                              • API String ID: 3975851968-2863640275
                                                                                                                                                                                                                              • Opcode ID: c723b84fa84041d2a065d0033a4badd5460eb4b6c3bbebd043b9f2ff103e8564
                                                                                                                                                                                                                              • Instruction ID: 1275f1ee9173335020e219f0add379101b3ec25d9543c33318dd4f36eca7c9cc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c723b84fa84041d2a065d0033a4badd5460eb4b6c3bbebd043b9f2ff103e8564
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D2219A61F08A4282F7695B7AB8C42796350EFA8B90F4D4170FE1DC33A9DE3CD5858321
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: -$:$f$p$p
                                                                                                                                                                                                                              • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                              • Opcode ID: e9dff4c7d7db8c9caf29eda043108d28daa86f10b799ebf646d9334941ecdb5d
                                                                                                                                                                                                                              • Instruction ID: a7bcb9e5e34939559073b49627eacafd38194e2a0039958920cbdc9efee7482e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e9dff4c7d7db8c9caf29eda043108d28daa86f10b799ebf646d9334941ecdb5d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D712A462E4C24387FB346B14E09467A7691FB60770F844576F69A876C4DF3CEA88CB24
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: f$f$p$p$f
                                                                                                                                                                                                                              • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                              • Opcode ID: a928b4930c166735193e7b4620c82218776b27d3a8fd15f56e8eec83f28e26cd
                                                                                                                                                                                                                              • Instruction ID: 25fa106d0e7e921b5dc0be05a6d37b3d33d0cb9daada96fff9755bff595275a4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a928b4930c166735193e7b4620c82218776b27d3a8fd15f56e8eec83f28e26cd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0E12B266E4C143C6FB309E14E0946BA7261FB60764FC84171F6CE866E4DF7CE9889B24
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                              • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                              • Opcode ID: 98735fc833f45bc53380bc4a74af040184e2df3462c9a9388a2020815b671cfc
                                                                                                                                                                                                                              • Instruction ID: 476a10df5db992b6842fc18cb280d4d3e91e5d49ce88013f8fd387f86b4be5a0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 98735fc833f45bc53380bc4a74af040184e2df3462c9a9388a2020815b671cfc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B41B262F0865252FA28DB21B8846B96391FF64BD0F4544B2FD0D87796DE3CE8858760
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                              • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                              • Opcode ID: 1b1c50dd745969e06b7310acb5dde250f69d1e0c43c64646fe4b3d807e4437c5
                                                                                                                                                                                                                              • Instruction ID: c159f3db215362ed4f95ac2cfb4c0df4f3e8716bc48664a9ee9cbc609f804acc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b1c50dd745969e06b7310acb5dde250f69d1e0c43c64646fe4b3d807e4437c5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16418F72B0864256FB28DB21E4802F96391FF69794F8544B2FD0D87B99DE3CE585C720
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                                                                                              • API String ID: 849930591-393685449
                                                                                                                                                                                                                              • Opcode ID: 6e9e033ed6031b1d797039d272c1e65d04a1f40577f6f2a6ca58cdf15e4e0b3b
                                                                                                                                                                                                                              • Instruction ID: 8646d89828ebb0f9cf28b7eadce8c829bc550302ea0fd569d83cbc11cf2c4c92
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6e9e033ed6031b1d797039d272c1e65d04a1f40577f6f2a6ca58cdf15e4e0b3b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EFD18E32A08B4186EB309F65E4803AD77A0FB65798F240176FE8D97B96CF38E191C711
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF69E1B02B6,?,?,0000016256B75BC8,00007FF69E1ABBFB,?,?,?,00007FF69E1ABAF2,?,?,?,00007FF69E1A6E9E), ref: 00007FF69E1B0098
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF69E1B02B6,?,?,0000016256B75BC8,00007FF69E1ABBFB,?,?,?,00007FF69E1ABAF2,?,?,?,00007FF69E1A6E9E), ref: 00007FF69E1B00A4
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627658235.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627705029.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627727908.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627727908.00007FF69E1D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2627769092.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                              • API String ID: 3013587201-537541572
                                                                                                                                                                                                                              • Opcode ID: aadbaee7c76e5d54b6d4897acaf79a0667e5faa90471c45c14db321705774b03
                                                                                                                                                                                                                              • Instruction ID: 140bb78ae58457421dcfa4ec9f65e93233f59a8d28d739dcad3cf6f77e6d66b8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aadbaee7c76e5d54b6d4897acaf79a0667e5faa90471c45c14db321705774b03
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C41A022F19A42C1EA368B16A8806792392FF69BE0F494175ED0DC77A8DE7DE4458224
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF69E192AC6,?,00007FF69E192BC5), ref: 00007FF69E192360
                                                                                                                                                                                                                              • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF69E192AC6,?,00007FF69E192BC5), ref: 00007FF69E19241A
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentFormatMessageProcess
                                                                                                                                                                                                                              • String ID: %ls$%ls: $<FormatMessageW failed.>$[PYI-%d:ERROR]
                                                                                                                                                                                                                              • API String ID: 27993502-4247535189
                                                                                                                                                                                                                              • Opcode ID: f44dac26104a74f6fbc2184d3fd8cb70647f8f70ec85c50d3a7ef1bf325d76e2
                                                                                                                                                                                                                              • Instruction ID: f4d9cb6436fde89dac3508983dc261047a9ed4db845ae544fc39b309e31f5b5a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f44dac26104a74f6fbc2184d3fd8cb70647f8f70ec85c50d3a7ef1bf325d76e2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1F31B122B0864141F6349725B8946EA62A1FF98B94F410176FE8DD3B59DE3CE546C710
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF69E19D4AA,?,?,?,00007FF69E19D19C,?,?,?,00007FF69E19CD99), ref: 00007FF69E19D27D
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF69E19D4AA,?,?,?,00007FF69E19D19C,?,?,?,00007FF69E19CD99), ref: 00007FF69E19D28B
                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF69E19D4AA,?,?,?,00007FF69E19D19C,?,?,?,00007FF69E19CD99), ref: 00007FF69E19D2B5
                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF69E19D4AA,?,?,?,00007FF69E19D19C,?,?,?,00007FF69E19CD99), ref: 00007FF69E19D323
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF69E19D4AA,?,?,?,00007FF69E19D19C,?,?,?,00007FF69E19CD99), ref: 00007FF69E19D32F
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                                                                                              • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                              • Opcode ID: cfe7c3e8e36681254bad5299873ee692e307dc20b52bfdb0e9be079fe62a9b1d
                                                                                                                                                                                                                              • Instruction ID: fbae88182043e1ae3b7a3376621f15604f9b395ecb6d30a45107b2ddf5002a9e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cfe7c3e8e36681254bad5299873ee692e307dc20b52bfdb0e9be079fe62a9b1d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F531B221B1AA4291EE359B42B8807792394FF69BA0F5A0575ED1DC7394DF3CE445C334
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                              • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                              • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                              • Opcode ID: 8f2beb87be42e2e941db9166639801d5cbaf6a7c9720615fb91e21965ec7150f
                                                                                                                                                                                                                              • Instruction ID: 45fde336b960ba385dc2fc29373c465883111783f3788f37084f2ff92a899d81
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8f2beb87be42e2e941db9166639801d5cbaf6a7c9720615fb91e21965ec7150f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E1419E31E08A8B91FA35DB21F4842E96315FB64384F800172FA5ED769AEF3CE645C360
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                                                                                              • Opcode ID: 0b20348f9c1a83954d0a053c40579325a412568fb84c9ff09bb00993ff3f795b
                                                                                                                                                                                                                              • Instruction ID: c05d9afc6759ee4840c0c4ac5a0f4b3694d122384e56cec4523ea8114e4de39a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0b20348f9c1a83954d0a053c40579325a412568fb84c9ff09bb00993ff3f795b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F215024E8C64282F979673597C117D5256CF647B0F1447B5F83ECABEADE2CE8494320
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                              • String ID: CONOUT$
                                                                                                                                                                                                                              • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                              • Opcode ID: 09dec002ca810f05fd5d7c823bfe6aa00a703a0ca75bfd1bbea9b479bbcb78f6
                                                                                                                                                                                                                              • Instruction ID: b832dec5249f35651b9c7bbeee19736c715cd2453ea80b947d604823c30c17ad
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 09dec002ca810f05fd5d7c823bfe6aa00a703a0ca75bfd1bbea9b479bbcb78f6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 71118121F18A4186F7608B52E89432972A4FBA8FE4F580275FA1DC77A8CF3CD444C750
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,?,00000000,00007FF69E1933E6), ref: 00007FF69E1983DD
                                                                                                                                                                                                                              • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF69E1933E6), ref: 00007FF69E19843A
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E1988F0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF69E193A24,00000000,00007FF69E191965), ref: 00007FF69E198929
                                                                                                                                                                                                                              • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF69E1933E6), ref: 00007FF69E1984C5
                                                                                                                                                                                                                              • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF69E1933E6), ref: 00007FF69E198524
                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,00000000,00007FF69E1933E6), ref: 00007FF69E198535
                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,00000000,00007FF69E1933E6), ref: 00007FF69E19854A
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3462794448-0
                                                                                                                                                                                                                              • Opcode ID: 6ecb06d6968f6546db3bba2b41207f803a8ec0390fc4e9e0cb4ab4235174347d
                                                                                                                                                                                                                              • Instruction ID: 6742e34d179bc4815a723c7647fcd7e8cd706aefac6c5ae8164cd3b7c9ec75e3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ecb06d6968f6546db3bba2b41207f803a8ec0390fc4e9e0cb4ab4235174347d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B441D0A2A1968241FA709B12B4846BA73A0FFA4BC4F444176EF8DD7789DF3CE444C724
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF69E1A5DF1,?,?,?,?,00007FF69E1AB332,?,?,?,?,00007FF69E1A806B), ref: 00007FF69E1AC177
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF69E1A5DF1,?,?,?,?,00007FF69E1AB332,?,?,?,?,00007FF69E1A806B), ref: 00007FF69E1AC1AD
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF69E1A5DF1,?,?,?,?,00007FF69E1AB332,?,?,?,?,00007FF69E1A806B), ref: 00007FF69E1AC1DA
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF69E1A5DF1,?,?,?,?,00007FF69E1AB332,?,?,?,?,00007FF69E1A806B), ref: 00007FF69E1AC1EB
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF69E1A5DF1,?,?,?,?,00007FF69E1AB332,?,?,?,?,00007FF69E1A806B), ref: 00007FF69E1AC1FC
                                                                                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF69E1A5DF1,?,?,?,?,00007FF69E1AB332,?,?,?,?,00007FF69E1A806B), ref: 00007FF69E1AC217
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                                                                                              • Opcode ID: 6aa970e24f5ca119c8451d38d23d2f51b6f731ec3ce752582579c637f9f4275c
                                                                                                                                                                                                                              • Instruction ID: 9d142a3ec202c5ed85bfb2a7b3aac49fe4868e6ce5271adeb59e057a1e49ca5d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6aa970e24f5ca119c8451d38d23d2f51b6f731ec3ce752582579c637f9f4275c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 42119024F8C242C2FA79A36596C11391196DFA47B0F1807B5F83EC77E6DE2CE8498720
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                              • Opcode ID: 418ea1e238ba9159b4af0c063643a1e1072a19be9fd93c352edfae4455fd553e
                                                                                                                                                                                                                              • Instruction ID: 2c5660c85bf45fe57e6d6c9aa3a926440011415735a55c9d1b982705c89ca658
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 418ea1e238ba9159b4af0c063643a1e1072a19be9fd93c352edfae4455fd553e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 43F06861F09A0241FB385B24E4843396360EF59761F980675E55EC53E8CF3CD049C320
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                                                                                              • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                              • Instruction ID: 1ce3d9053971b9b3f9e89930d735954c283a7ecf3eea599db0e5d6da6a5aa185
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A51151B2EACA0301F6741128D5E53761154EF783B4F4D46B6FA7E867DECE2CA9818120
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FF69E1AB487,?,?,00000000,00007FF69E1AB722,?,?,?,?,?,00007FF69E1AB6AE), ref: 00007FF69E1AC24F
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF69E1AB487,?,?,00000000,00007FF69E1AB722,?,?,?,?,?,00007FF69E1AB6AE), ref: 00007FF69E1AC26E
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF69E1AB487,?,?,00000000,00007FF69E1AB722,?,?,?,?,?,00007FF69E1AB6AE), ref: 00007FF69E1AC296
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF69E1AB487,?,?,00000000,00007FF69E1AB722,?,?,?,?,?,00007FF69E1AB6AE), ref: 00007FF69E1AC2A7
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF69E1AB487,?,?,00000000,00007FF69E1AB722,?,?,?,?,?,00007FF69E1AB6AE), ref: 00007FF69E1AC2B8
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Value
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                                                                              • Opcode ID: 55c2cfa3c6c0b66b4a1c6f957022f3ceea8d13f022cba7a3d54dd2efb067ed29
                                                                                                                                                                                                                              • Instruction ID: 6c305c1716cbd242e258d8b1dd53bd1a3c202973ee6c08998aeb521a60e8c497
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 55c2cfa3c6c0b66b4a1c6f957022f3ceea8d13f022cba7a3d54dd2efb067ed29
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE114220F8C24282F979A3A595D11791157DFB47B0F0843B5F83ED67E6DE2CE8498320
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Value
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                                                                              • Opcode ID: ea3a9fca6980d96fa6a8d584e22936267001dce1870df9540930b962f91c0f75
                                                                                                                                                                                                                              • Instruction ID: 99d35528ef7313f6011af12f6ced2ac1b6b7aa6e66ac6be61ad2d904aefeec39
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ea3a9fca6980d96fa6a8d584e22936267001dce1870df9540930b962f91c0f75
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20112A14F88207C2F9B9632689D15791186CF64770F1807B8F83EDA2E2DE3CB8898270
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Window$Process$ConsoleCurrentShowSleepThread
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3908687701-0
                                                                                                                                                                                                                              • Opcode ID: 189641115a4061fc09c8677c82cfa9183799967502c0d878e9acba3bff40d2a2
                                                                                                                                                                                                                              • Instruction ID: 2631bce0a1d5582903559569f4a45745173225cc4b2472e1010279b5216f77a2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 189641115a4061fc09c8677c82cfa9183799967502c0d878e9acba3bff40d2a2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8AF03131E18B4292FA685B22B4C453963A4EF64B84F0850B5FA4EC3769DE3DD5518720
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: verbose
                                                                                                                                                                                                                              • API String ID: 3215553584-579935070
                                                                                                                                                                                                                              • Opcode ID: 5742ae6ca51b03e9d6fd204cb41504e479b7e72b202bc53543779a715851f7d3
                                                                                                                                                                                                                              • Instruction ID: add6a291c4f3a36273a66610a6e3939c2a7222ab7684526e015645b11450da3f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5742ae6ca51b03e9d6fd204cb41504e479b7e72b202bc53543779a715851f7d3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3691DF22A48A4682F7719E24D89077E33D1EB61BA4F8441B6EA5DC33C5DF3CE9498361
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                              • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                              • Opcode ID: 0f94fbfdb2a41be3f3cf5a79916f7e54565c06583a8995a71c4ffc2f48f318d6
                                                                                                                                                                                                                              • Instruction ID: d60300d7f5b3da4b0241105312eef8563e5c39d5046d67c11f9ee131f21c6203
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f94fbfdb2a41be3f3cf5a79916f7e54565c06583a8995a71c4ffc2f48f318d6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FD817376F0C242C6F7744E2681D02BD26A0EB31B84F5980B9FA49D73ADCF2DE9419761
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                              • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                              • Opcode ID: ef1879a6950a8d40b8b6b13be53b940b4e1f0e07f3723e86cdcfdad74941457a
                                                                                                                                                                                                                              • Instruction ID: 6fbcea6444610385f66d8124e1062f96d05a2212c7a1413c241b25620d3af561
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ef1879a6950a8d40b8b6b13be53b940b4e1f0e07f3723e86cdcfdad74941457a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0F51AE32B196428ADB288F15F484A7C3B91FB64B98F548171FA8E87788DF3DE841C750
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                                                                                              • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                              • Opcode ID: 3d688b2030f6ff0abdfc3dd59f0c327938197cf645ae74c01235bdaf5d58afed
                                                                                                                                                                                                                              • Instruction ID: 993223835417052a5b37089600eb6574bd41d91649fdc6724ef7df7644d7130b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3d688b2030f6ff0abdfc3dd59f0c327938197cf645ae74c01235bdaf5d58afed
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8D519E329082428AEB748F25E08436877E0FB65B94F2451B5EA9D87BC5CF3CE4A0C711
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                              • Opcode ID: edde39921f5ee52097c6895792b16df5fa6acf6af9cdc4a519cbf1eacb12af35
                                                                                                                                                                                                                              • Instruction ID: de5f54e7fd9dcb79d51522d79ad0cd41f688b5de2abd027ee61c6b6dcbb0d7b4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: edde39921f5ee52097c6895792b16df5fa6acf6af9cdc4a519cbf1eacb12af35
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22618F72908BC581EB709B15F4803AAB7A0FBA4B94F144265EB9D83B95DF7CE194CB10
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(FFFFFFFF,00000000,00000000,?,00000000,00007FF69E19867F), ref: 00007FF69E19226E
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                              • String ID: %ls$WARNING$[PYI-%d:%ls]
                                                                                                                                                                                                                              • API String ID: 2050909247-3372507544
                                                                                                                                                                                                                              • Opcode ID: c23ec3862d6d49bee5b8e3278aef16b943e6e5a8136b4f67b876b2da5951f925
                                                                                                                                                                                                                              • Instruction ID: 0b22dd5db00fad72970dc1f9ff5b36f88fb851a84f7ec66b76dd825eb050bd72
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c23ec3862d6d49bee5b8e3278aef16b943e6e5a8136b4f67b876b2da5951f925
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EA21CF22B18B8291E6309BA1F8856EA7365FF947C0F400176FA8D93B5ADF3CE255C750
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2718003287-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: ?
                                                                                                                                                                                                                              • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF69E1A9F22
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E1AB404: RtlFreeHeap.NTDLL(?,?,?,00007FF69E1B3F32,?,?,?,00007FF69E1B3F6F,?,?,00000000,00007FF69E1B4435,?,?,?,00007FF69E1B4367), ref: 00007FF69E1AB41A
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E1AB404: GetLastError.KERNEL32(?,?,?,00007FF69E1B3F32,?,?,?,00007FF69E1B3F6F,?,?,00000000,00007FF69E1B4435,?,?,?,00007FF69E1B4367), ref: 00007FF69E1AB424
                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF69E19C105), ref: 00007FF69E1A9F40
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: C:\Users\user\Desktop\grass.exe
                                                                                                                                                                                                                              • API String ID: 3580290477-4084898051
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                              • String ID: U
                                                                                                                                                                                                                              • API String ID: 442123175-4171548499
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF69E191B4A), ref: 00007FF69E192070
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                              • String ID: %s: %s$[PYI-%d:ERROR]
                                                                                                                                                                                                                              • API String ID: 2050909247-3704582800
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                                                                                                              • String ID: :
                                                                                                                                                                                                                              • API String ID: 1611563598-336475711
                                                                                                                                                                                                                              • Opcode ID: 576b735185a232e7c4c7703006db41f83a331aa74a964717a1a8a85435f6eb25
                                                                                                                                                                                                                              • Instruction ID: ded3c7366be19741dbcbd5a07cc5c83c0ee3934a732b7d951f0f4d6c1c252ab5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 576b735185a232e7c4c7703006db41f83a331aa74a964717a1a8a85435f6eb25
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1421A562E08681C1EB349B16D48427D73A1FB94B84F498075E68D83799DFBCDA85C7A0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF69E191B79), ref: 00007FF69E191E9E
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                              • String ID: ERROR$[PYI-%d:%s]
                                                                                                                                                                                                                              • API String ID: 2050909247-3005936843
                                                                                                                                                                                                                              • Opcode ID: a5bf08f2c89cf667238edf45a936573bde058e15704574c9bcaf5d59603a2596
                                                                                                                                                                                                                              • Instruction ID: da0520a20ce22da2f6ca8cb5c056340de4c594debdfa72e9f3b8cc57cd6d8c33
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a5bf08f2c89cf667238edf45a936573bde058e15704574c9bcaf5d59603a2596
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D8118E32B18B8181E6309B61B8C16EA73A4EB947C4F400176FA8D93B59EE7CD1958714
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF69E1928DA,FFFFFFFF,00000000,00007FF69E19336A), ref: 00007FF69E19218E
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                              • String ID: WARNING$[PYI-%d:%s]
                                                                                                                                                                                                                              • API String ID: 2050909247-3752221249
                                                                                                                                                                                                                              • Opcode ID: db875de87ed083cbe8b8ac9ce96a8a46b9823338c5ab1c0f8249dfcf38eaa236
                                                                                                                                                                                                                              • Instruction ID: 8fc044963058e2536cb6adda4b969ae30a5ca43f7872cbcbe00eb8545b242507
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: db875de87ed083cbe8b8ac9ce96a8a46b9823338c5ab1c0f8249dfcf38eaa236
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BC118E32A18B8181E6309B61B8C16EA73A4FB987C4F400176FA8D93B59DF7CD1958714
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                              • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                              • Opcode ID: 2d92b8b7d521df9494866c30e4ae755c0f7892732a35e9ef4a1741b3f71c7287
                                                                                                                                                                                                                              • Instruction ID: d28bd89574285bf1e825e74f08e7856a7fc4ed939155c2a785c0eadfd71ba659
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2d92b8b7d521df9494866c30e4ae755c0f7892732a35e9ef4a1741b3f71c7287
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9111C36A18B8582EB658F15F48026977E4FB98B84F684270EE9D47758DF3CD551C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2627677747.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: :
                                                                                                                                                                                                                              • API String ID: 2595371189-336475711
                                                                                                                                                                                                                              • Opcode ID: bb470fc7cf78428f0d9dc0079e6dc4031c2c99e910ba5258b42cac156009a768
                                                                                                                                                                                                                              • Instruction ID: 30f76b72de994c0e9115f6f19fba502d2d209dde129ea87edde51e55726596fc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb470fc7cf78428f0d9dc0079e6dc4031c2c99e910ba5258b42cac156009a768
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 89018F22E1C246C6F734AF60A4A127E63A0EF64744F850075F94EC6799DF3CE544CB24

                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                              Execution Coverage:1.2%
                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                              Signature Coverage:0.5%
                                                                                                                                                                                                                              Total number of Nodes:1330
                                                                                                                                                                                                                              Total number of Limit Nodes:48
7ff69e1b10b1 89557 7ff69e1ab7c4 37 API calls _invalid_parameter_noinfo 89540->89557 89542 7ff69e1b0fe3 89542->89530 89550 7ff69e1b7f64 89542->89550 89548 7ff69e1b0fda 89543->89548 89553 7ff69e1a8918 51 API calls 3 library calls 89543->89553 89545 7ff69e1b1045 89545->89548 89554 7ff69e1a8918 51 API calls 3 library calls 89545->89554 89547 7ff69e1b1064 89547->89548 89555 7ff69e1a8918 51 API calls 3 library calls 89547->89555 89548->89542 89556 7ff69e1a5de8 11 API calls memcpy_s 89548->89556 89558 7ff69e1b7564 89550->89558 89553->89545 89554->89547 89555->89548 89556->89540 89557->89542 89559 7ff69e1b7599 89558->89559 89560 7ff69e1b757b 89558->89560 89559->89560 89563 7ff69e1b75b5 89559->89563 89612 7ff69e1a5de8 11 API calls memcpy_s 89560->89612 89562 7ff69e1b7580 89613 7ff69e1ab7c4 37 API calls _invalid_parameter_noinfo 89562->89613 89569 7ff69e1b7b74 89563->89569 89567 7ff69e1b758c 89567->89530 89615 7ff69e1b78a8 89569->89615 89572 7ff69e1b7c01 89635 7ff69e1a93fc 89572->89635 89573 7ff69e1b7be9 89647 7ff69e1a5dc8 11 API calls memcpy_s 89573->89647 89589 7ff69e1b75e0 89589->89567 89614 7ff69e1a93d4 LeaveCriticalSection 89589->89614 89591 7ff69e1b7bee 89648 7ff69e1a5de8 11 API calls memcpy_s 89591->89648 89612->89562 89613->89567 89616 7ff69e1b78d4 89615->89616 89623 7ff69e1b78ee 89615->89623 89616->89623 89660 7ff69e1a5de8 11 API calls memcpy_s 89616->89660 89618 7ff69e1b78e3 89661 7ff69e1ab7c4 37 API calls _invalid_parameter_noinfo 89618->89661 89620 7ff69e1b79bd 89633 7ff69e1b7a1a 89620->89633 89666 7ff69e1aaa50 37 API calls 2 library calls 89620->89666 89621 7ff69e1b796c 89621->89620 89664 7ff69e1a5de8 11 API calls memcpy_s 89621->89664 89623->89621 89662 7ff69e1a5de8 11 API calls memcpy_s 89623->89662 89625 7ff69e1b7a16 89628 7ff69e1b7a98 89625->89628 89625->89633 89627 7ff69e1b79b2 89665 7ff69e1ab7c4 37 API calls _invalid_parameter_noinfo 89627->89665 89667 7ff69e1ab7e4 17 API calls _isindst 89628->89667 89629 7ff69e1b7961 89663 7ff69e1ab7c4 37 API calls 
_invalid_parameter_noinfo 89629->89663 89633->89572 89633->89573 89668 7ff69e1b14e8 EnterCriticalSection 89635->89668 89647->89591 89648->89589 89660->89618 89661->89623 89662->89629 89663->89621 89664->89627 89665->89620 89666->89625 89670 7ff69e19f9c6 89669->89670 89671 7ff69e19f986 89669->89671 89670->89671 89673 7ff69e19f9d2 89670->89673 89681 7ff69e1ab6f8 37 API calls 2 library calls 89671->89681 89680 7ff69e1a627c EnterCriticalSection 89673->89680 89674 7ff69e19f9ad 89674->89459 89676 7ff69e19f9d7 89677 7ff69e19fae0 71 API calls 89676->89677 89678 7ff69e19f9e9 89677->89678 89679 7ff69e1a6288 _fread_nolock LeaveCriticalSection 89678->89679 89679->89674 89681->89674 89682->89465 89683->89469 89684->89476 89685->89474 89686->89476 89687->89480 89688->89476 89690 7ff69e19f369 89689->89690 89691 7ff69e19f33b 89689->89691 89694 7ff69e19f35b 89690->89694 89699 7ff69e1a627c EnterCriticalSection 89690->89699 89700 7ff69e1ab6f8 37 API calls 2 library calls 89691->89700 89694->89485 89695 7ff69e19f380 89696 7ff69e19f39c 72 API calls 89695->89696 89697 7ff69e19f38c 89696->89697 89698 7ff69e1a6288 _fread_nolock LeaveCriticalSection 89697->89698 89698->89694 89700->89694 89702 7ff69e19f8de 89701->89702 89713 7ff69e19f8ac 89701->89713 89703 7ff69e19f92a 89702->89703 89704 7ff69e19f8ed memcpy_s 89702->89704 89702->89713 89714 7ff69e1a627c EnterCriticalSection 89703->89714 89715 7ff69e1a5de8 11 API calls memcpy_s 89704->89715 89706 7ff69e19f932 89708 7ff69e19f634 _fread_nolock 51 API calls 89706->89708 89710 7ff69e19f949 89708->89710 89709 7ff69e19f902 89716 7ff69e1ab7c4 37 API calls _invalid_parameter_noinfo 89709->89716 89712 7ff69e1a6288 _fread_nolock LeaveCriticalSection 89710->89712 89712->89713 89713->89415 89715->89709 89716->89713 89719 7ff69e1a58be 89717->89719 89718 7ff69e1a58e3 89735 7ff69e1ab6f8 37 API calls 2 library calls 89718->89735 89719->89718 89721 7ff69e1a591f 89719->89721 89736 7ff69e1a2758 49 API calls _invalid_parameter_noinfo 89721->89736 89723 
7ff69e1a590d 89726 7ff69e19bab0 _log10_special 8 API calls 89723->89726 89724 7ff69e1a59fc 89725 7ff69e1ab404 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 89724->89725 89725->89723 89727 7ff69e191ca8 89726->89727 89727->89387 89728 7ff69e1a59b6 89728->89724 89729 7ff69e1a59d1 89728->89729 89730 7ff69e1a5a20 89728->89730 89732 7ff69e1a59c8 89728->89732 89737 7ff69e1ab404 89729->89737 89730->89724 89733 7ff69e1a5a2a 89730->89733 89732->89724 89732->89729 89734 7ff69e1ab404 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 89733->89734 89734->89723 89735->89723 89736->89728 89738 7ff69e1ab438 89737->89738 89739 7ff69e1ab409 RtlFreeHeap 89737->89739 89738->89723 89739->89738 89740 7ff69e1ab424 GetLastError 89739->89740 89741 7ff69e1ab431 Concurrency::details::SchedulerProxy::DeleteThis 89740->89741 89743 7ff69e1a5de8 11 API calls memcpy_s 89741->89743 89743->89738 89744->89439 89746 7ff69e1a6584 89747 7ff69e1a659e 89746->89747 89748 7ff69e1a65bb 89746->89748 89771 7ff69e1a5dc8 11 API calls memcpy_s 89747->89771 89748->89747 89749 7ff69e1a65ce CreateFileW 89748->89749 89751 7ff69e1a6602 89749->89751 89752 7ff69e1a6638 89749->89752 89774 7ff69e1a66d8 59 API calls 3 library calls 89751->89774 89775 7ff69e1a6b60 46 API calls 3 library calls 89752->89775 89753 7ff69e1a65a3 89772 7ff69e1a5de8 11 API calls memcpy_s 89753->89772 89757 7ff69e1a6610 89760 7ff69e1a6617 CloseHandle 89757->89760 89761 7ff69e1a662d CloseHandle 89757->89761 89758 7ff69e1a663d 89762 7ff69e1a6641 89758->89762 89763 7ff69e1a666c 89758->89763 89759 7ff69e1a65ab 89773 7ff69e1ab7c4 37 API calls _invalid_parameter_noinfo 89759->89773 89766 7ff69e1a65b6 89760->89766 89761->89766 89776 7ff69e1a5d5c 11 API calls 2 library calls 89762->89776 89777 7ff69e1a6920 51 API calls 89763->89777 89768 7ff69e1a6679 89778 7ff69e1a6a5c 21 API calls _fread_nolock 89768->89778 89770 7ff69e1a664b 89770->89766 89771->89753 89772->89759 89773->89766 89774->89757 89775->89758 89776->89770 89777->89768 
89778->89770 89779 7ffb0b99dddc 89780 7ffb0b9a6f26 __acrt_iob_func 89779->89780 89781 7ffb0b99de4f 89779->89781 89893 7ffb0b9a779c __stdio_common_vfprintf 89780->89893 89889 7ffb0b99e748 89781->89889 89784 7ffb0b9a6f4d __acrt_iob_func 89894 7ffb0b9a779c __stdio_common_vfprintf 89784->89894 89785 7ffb0b99deb5 89787 7ffb0b9a7033 89785->89787 89790 7ffb0b99e748 PyErr_Format 89785->89790 89789 7ffb0b9a708d 89787->89789 89791 7ffb0b9a7087 _Py_Dealloc 89787->89791 89788 7ffb0b9a6f67 __acrt_iob_func fputc 89794 7ffb0b9a6f86 _Py_Dealloc 89788->89794 89792 7ffb0b9a70a2 89789->89792 89795 7ffb0b9a7099 _Py_Dealloc 89789->89795 89793 7ffb0b99ded8 89790->89793 89791->89789 89796 7ffb0b9a70b6 89792->89796 89799 7ffb0b9a70ad _Py_Dealloc 89792->89799 89793->89787 89797 7ffb0b99dee8 PyType_Ready 89793->89797 89803 7ffb0b9a6f95 _Py_Dealloc 89794->89803 89795->89792 89798 7ffb0b9a70ca 89796->89798 89801 7ffb0b9a70c1 _Py_Dealloc 89796->89801 89797->89787 89800 7ffb0b99df20 PyType_Ready 89797->89800 89802 7ffb0b9a70e9 89798->89802 89806 7ffb0b9a70e3 _Py_Dealloc 89798->89806 89799->89796 89800->89787 89804 7ffb0b99df35 PyType_Ready 89800->89804 89801->89798 89807 7ffb0b9a7108 89802->89807 89809 7ffb0b9a7102 _Py_Dealloc 89802->89809 89811 7ffb0b9a6fa4 _Py_Dealloc 89803->89811 89804->89787 89805 7ffb0b99df4a PyType_Ready 89804->89805 89805->89787 89808 7ffb0b99df5f PyUnicode_FromString 89805->89808 89806->89802 89810 7ffb0b9a7127 89807->89810 89813 7ffb0b9a7121 _Py_Dealloc 89807->89813 89808->89787 89812 7ffb0b99df78 PyDict_SetItemString 89808->89812 89809->89807 89814 7ffb0b9a7146 89810->89814 89817 7ffb0b9a7140 _Py_Dealloc 89810->89817 89818 7ffb0b9a6fb3 _Py_Dealloc 89811->89818 89815 7ffb0b99df97 PyDict_SetItemString 89812->89815 89816 7ffb0b9a7047 89812->89816 89813->89810 89819 7ffb0b9a7165 89814->89819 89820 7ffb0b9a715f _Py_Dealloc 89814->89820 89815->89816 89822 7ffb0b99dfb6 89815->89822 89816->89787 89827 7ffb0b9a7065 _Py_Dealloc 89816->89827 89817->89814 89826 7ffb0b9a6fc2 
_Py_Dealloc 89818->89826 89821 7ffb0b9a7184 89819->89821 89823 7ffb0b9a717e _Py_Dealloc 89819->89823 89820->89819 89824 7ffb0b9a7198 89821->89824 89828 7ffb0b9a718f _Py_Dealloc 89821->89828 89822->89794 89825 7ffb0b99dfc0 PyImport_ImportModule 89822->89825 89823->89821 89825->89787 89829 7ffb0b99dfd9 PyObject_GetAttrString 89825->89829 89830 7ffb0b9a6fd1 _Py_Dealloc 89826->89830 89827->89787 89828->89824 89831 7ffb0b99dff5 PyObject_CallMethod 89829->89831 89832 7ffb0b9a7038 89829->89832 89835 7ffb0b9a6fdd _Py_Dealloc 89830->89835 89831->89832 89833 7ffb0b99e01c 89831->89833 89832->89816 89834 7ffb0b9a703e _Py_Dealloc 89832->89834 89833->89803 89836 7ffb0b99e026 PyObject_GetAttrString 89833->89836 89834->89816 89838 7ffb0b9a6fe9 _Py_Dealloc 89835->89838 89836->89832 89837 7ffb0b99e046 89836->89837 89837->89811 89837->89818 89839 7ffb0b99e05a PyImport_ImportModule 89837->89839 89840 7ffb0b9a6ff5 _Py_Dealloc 89838->89840 89839->89787 89841 7ffb0b99e073 PyObject_CallMethod 89839->89841 89843 7ffb0b9a7004 _Py_Dealloc 89840->89843 89841->89787 89842 7ffb0b99e0ad PyUnicode_FromString 89841->89842 89842->89787 89844 7ffb0b99e0c6 PyDict_SetItemString 89842->89844 89847 7ffb0b9a7013 PyModule_AddIntConstant 89843->89847 89844->89816 89845 7ffb0b99e0ec 89844->89845 89845->89826 89846 7ffb0b99e0f6 PyImport_ImportModule 89845->89846 89846->89787 89848 7ffb0b99e10f PyObject_GetAttrString 89846->89848 89847->89787 89887 7ffb0b99e5f0 89847->89887 89848->89787 89849 7ffb0b99e12b PyObject_CallFunction 89848->89849 89849->89787 89851 7ffb0b99e162 89849->89851 89850 7ffb0b99e607 89852 7ffb0b99e614 PyUnicode_InternFromString 89850->89852 89855 7ffb0b99e66b PyModule_AddStringConstant 89850->89855 89851->89830 89851->89835 89851->89838 89854 7ffb0b99e192 PyModule_Create2 89851->89854 89852->89787 89853 7ffb0b99e63a PyModule_AddObject 89852->89853 89853->89787 89853->89850 89854->89787 89856 7ffb0b99e1b0 PyModule_AddObject 89854->89856 89855->89787 89857 7ffb0b99e68a 
PyModule_AddStringConstant 89855->89857 89856->89787 89858 7ffb0b99e1d6 PyModule_AddObject 89856->89858 89857->89816 89859 7ffb0b99e6ac 89857->89859 89858->89787 89860 7ffb0b99e1fc PyModule_AddObject 89858->89860 89860->89787 89861 7ffb0b99e21e PyErr_NewException 89860->89861 89861->89787 89862 7ffb0b99e248 PyModule_AddObject 89861->89862 89862->89787 89863 7ffb0b99e266 PyTuple_New 89862->89863 89863->89787 89869 7ffb0b99e281 89863->89869 89864 7ffb0b99e6cd PyTuple_Pack 89867 7ffb0b99e6ee PyTuple_Pack 89864->89867 89866 7ffb0b99e2bb PyTuple_Pack 89866->89787 89868 7ffb0b99e2d9 PyErr_NewException 89866->89868 89867->89864 89868->89787 89868->89869 89869->89840 89869->89864 89869->89866 89869->89867 89870 7ffb0b99e2ff PyModule_AddObject 89869->89870 89871 7ffb0b99e349 89869->89871 89870->89787 89870->89869 89871->89843 89872 7ffb0b99e3e2 PyObject_CallObject 89871->89872 89875 7ffb0b99e374 PyTuple_Pack 89871->89875 89876 7ffb0b99e72c PyTuple_Pack 89871->89876 89881 7ffb0b99e3b1 PyModule_AddObject 89871->89881 89872->89787 89873 7ffb0b99e404 PyModule_AddObject 89872->89873 89873->89787 89874 7ffb0b99e422 PyContextVar_New 89873->89874 89874->89787 89877 7ffb0b99e441 PyModule_AddObject 89874->89877 89875->89787 89878 7ffb0b99e38b PyErr_NewException 89875->89878 89876->89780 89877->89787 89879 7ffb0b99e46a PyModule_AddObject 89877->89879 89878->89787 89878->89871 89879->89787 89880 7ffb0b99e493 PyObject_CallObject 89879->89880 89880->89787 89882 7ffb0b99e4b1 PyModule_AddObject 89880->89882 89881->89787 89881->89871 89882->89787 89883 7ffb0b99e531 PyObject_CallObject 89882->89883 89883->89787 89884 7ffb0b99e54c PyModule_AddObject 89883->89884 89884->89787 89885 7ffb0b99e5aa 89884->89885 89886 7ffb0b99e5ba PyLong_FromSsize_t 89885->89886 89885->89887 89886->89787 89888 7ffb0b99e5d0 PyModule_AddObject 89886->89888 89887->89847 89887->89850 89888->89816 89888->89885 89890 7ffb0b9a71a0 PyErr_Format 89889->89890 89891 7ffb0b99e75f 89889->89891 89890->89785 89891->89890 89892 
7ffb0b99e79d 89891->89892 89892->89785 89893->89784 89894->89788 89895 7ffb0bc44da4 89896 7ffb0bc44db0 89895->89896 89897 7ffb0bc44dd4 ERR_put_error 89896->89897 89899 7ffb0bc44e04 89896->89899 89898 7ffb0bc44df2 89897->89898 89899->89898 89932 7ffb0bc21da2 89899->89932 89901 7ffb0bc44e1e 89902 7ffb0bc44e22 ERR_put_error 89901->89902 89903 7ffb0bc44e88 CRYPTO_zalloc 89901->89903 89914 7ffb0bc44e44 ERR_put_error 89902->89914 89904 7ffb0bc44ea7 CRYPTO_THREAD_lock_new 89903->89904 89903->89914 89908 7ffb0bc44eee ERR_put_error CRYPTO_free 89904->89908 89910 7ffb0bc44f28 89904->89910 89909 7ffb0bc44e71 89908->89909 89911 7ffb0bc44f4e OPENSSL_LH_new 89910->89911 89910->89914 89912 7ffb0bc44f6e 89911->89912 89911->89914 89913 7ffb0bc44fe1 OPENSSL_sk_num 89912->89913 89912->89914 89913->89914 89915 7ffb0bc44ff2 89913->89915 89936 7ffb0bc22153 43 API calls 89914->89936 89915->89914 89916 7ffb0bc45007 EVP_get_digestbyname 89915->89916 89916->89914 89917 7ffb0bc4502f EVP_get_digestbyname 89916->89917 89917->89914 89918 7ffb0bc45057 OPENSSL_sk_new_null 89917->89918 89918->89914 89919 7ffb0bc4506c OPENSSL_sk_new_null 89918->89919 89919->89914 89920 7ffb0bc45081 CRYPTO_new_ex_data 89919->89920 89920->89914 89921 7ffb0bc4509d 89920->89921 89921->89914 89922 7ffb0bc450dd RAND_bytes 89921->89922 89937 7ffb0bc2129e CRYPTO_THREAD_run_once 89921->89937 89924 7ffb0bc45136 89922->89924 89925 7ffb0bc45108 RAND_priv_bytes 89922->89925 89928 7ffb0bc45140 RAND_priv_bytes 89924->89928 89925->89924 89927 7ffb0bc4511d RAND_priv_bytes 89925->89927 89926 7ffb0bc450d6 89926->89922 89927->89924 89927->89928 89928->89914 89929 7ffb0bc45159 89928->89929 89929->89914 89930 7ffb0bc45169 89929->89930 89938 7ffb0bc21f41 6 API calls 89930->89938 89932->89901 89933 7ffb0bc3abd0 89932->89933 89934 7ffb0bc3abda CRYPTO_THREAD_run_once 89933->89934 89935 7ffb0bc3ac04 89934->89935 89935->89901 89936->89909 89937->89926 89938->89909 89939 61cc6530 PySys_GetObject 89940 61cc655f PyTuple_GetItem 89939->89940 
89941 61cc6b96 89939->89941 89940->89941 89942 61cc6576 PyLong_AsLong PyTuple_GetItem 89940->89942 89942->89941 89943 61cc659b PyLong_AsLong PySys_GetObject 89942->89943 89944 61cc65b6 PyLong_AsVoidPtr 89943->89944 89945 61cc65c2 GetProcAddress GetProcAddress GetProcAddress PyModule_Create2 89943->89945 89944->89945 89945->89941 89946 61cc6656 PyModule_GetName 89945->89946 89946->89941 89947 61cc666b strrchr 89946->89947 89948 61cc66bf 89947->89948 89949 61cc6688 malloc 89947->89949 89951 61cc6dc0 89948->89951 89952 61cc66de 89948->89952 89949->89948 89950 61cc66a2 memcpy 89949->89950 89950->89948 89953 61cc7527 exit 89951->89953 89968 61cc69ec 89951->89968 90170 61cc13c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 89951->90170 89954 61cc7269 89952->89954 89955 61cc66f3 PyBytes_FromStringAndSize 89952->89955 89956 61cc7279 89954->89956 89957 61cc73a7 89954->89957 89959 61cc6711 PyBytes_AsString 89955->89959 90000 61cc6b90 89955->90000 89956->89953 90173 61cc13c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 89956->90173 90174 61cc1660 13 API calls 89957->90174 89960 61cc672a malloc 89959->89960 89961 61cc6bb0 89959->89961 89960->89961 89964 61cc6741 PyCMethod_New 89960->89964 89971 61cc6bba _Py_Dealloc 89961->89971 89961->90000 89962 61cc6df0 89966 61cc6dfc PyErr_Format 89962->89966 89962->89968 89963 61cc6bc6 _Py_Dealloc 89963->89941 89969 61cc6789 PyCMethod_New 89964->89969 89970 61cc6bd1 89964->89970 89979 61cc6e30 89966->89979 89973 61cc7299 PyErr_Format 89968->89973 89975 61cc7244 89968->89975 89982 61cc74ed 89968->89982 89997 61cc6a07 89968->89997 89969->89970 89976 61cc67cf PyCMethod_New 89969->89976 89977 61cc6bdf 89970->89977 89978 61cc6d10 _Py_Dealloc 89970->89978 89971->89941 89971->89963 89991 61cc72cf 89973->89991 89974 61cc6a24 89974->89957 89980 61cc6a2c 89974->89980 89976->89970 89984 61cc6815 PyBytes_FromStringAndSize 89976->89984 89977->89961 89978->89968 89987 61cc6e4b 
PyBytes_AsStringAndSize 89979->89987 89979->90000 90120 61ce03d0 89980->90120 90182 61cc1660 13 API calls 89982->90182 89986 61cc6846 PyBytes_AsString 89984->89986 89984->90000 89990 61cd47e0 89986->89990 89987->90000 90012 61cc6e67 89987->90012 89988 61cc6a7f 89995 61cc6a8b 89988->89995 89996 61cc7497 89988->89996 89989 61cc74b5 90181 61cc1660 13 API calls 89989->90181 89998 61cc6924 _time64 srand 89990->89998 89992 61cc72e0 89991->89992 89993 61cc7422 89991->89993 89992->89953 90020 61cc72f3 89992->90020 90177 61cc80c0 7 API calls 89993->90177 90002 61cc6be5 malloc 89995->90002 90006 61cc6ac9 strstr 89995->90006 90007 61cc6b24 89995->90007 90180 61cc1660 13 API calls 89996->90180 89997->89975 89997->90000 90074 61cdfb70 89997->90074 90159 61cde170 __iob_func abort 89998->90159 90000->89941 90000->89963 90001 61cc6ec2 90001->89993 90019 61cc6ee9 memcpy 90001->90019 90008 61cc74d9 _errno 90002->90008 90009 61cc6c00 90002->90009 90005 61cc6ea5 90171 61cc80c0 7 API calls 90005->90171 90006->90007 90013 61cc6ae5 90006->90013 90016 61cc6b35 90007->90016 90017 61cc74d0 90007->90017 90014 61cc73f0 90008->90014 90166 61cc7d70 memcpy strlen memcpy __iob_func abort 90009->90166 90010 61cc695e 90010->89991 90160 61cde5e0 10 API calls 90010->90160 90012->90001 90012->90005 90013->90007 90021 61cc6b00 strncmp 90013->90021 90175 61cc7fc0 8 API calls 90014->90175 90016->89953 90022 61cc6b4c 90016->90022 90017->90008 90019->89968 90026 61cc6eff _Py_Dealloc 90019->90026 90027 61cc7313 PyErr_Format 90020->90027 90021->90002 90021->90007 90165 61cc13c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 90022->90165 90023 61cc6c23 90167 61d3f550 __iob_func abort 90023->90167 90026->89968 90027->90000 90029 61cc73fa _errno 90029->90000 90031 61cc6973 90031->89991 90161 61cde350 10 API calls 90031->90161 90032 61cc6c3f 90034 61cc7407 90032->90034 90035 61cc6c47 90032->90035 90033 61cc6b59 90036 61cc744c 90033->90036 90037 61cc6b65 PyErr_Format 90033->90037 90176 
61cc1660 13 API calls 90034->90176 90040 61cc6c59 malloc 90035->90040 90041 61cc6c54 free 90035->90041 90178 61cc1660 13 API calls 90036->90178 90037->90000 90043 61cc6c76 memcpy 90040->90043 90044 61cc73e1 _errno 90040->90044 90041->90040 90042 61cc6988 90042->89991 90162 61cddd80 10 API calls 90042->90162 90046 61cc6c97 90043->90046 90047 61cc6f30 90043->90047 90044->90014 90050 61cc6c9d 90046->90050 90051 61cc6d50 90046->90051 90047->89953 90069 61cc7333 90047->90069 90172 61cc13c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 90047->90172 90049 61cc699d 90052 61cc7479 90049->90052 90053 61cc69ab 90049->90053 90056 61cc6cb7 malloc 90050->90056 90057 61cc6cb2 free 90050->90057 90065 61cc6ce6 90050->90065 90051->89953 90051->90069 90169 61cc13c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 90051->90169 90179 61cc1660 13 API calls 90052->90179 90163 61cde020 10 API calls 90053->90163 90061 61cc6cd4 memcpy 90056->90061 90062 61cc7513 _errno 90056->90062 90057->90056 90060 61cc69b7 90060->90036 90164 61cdded0 10 API calls 90060->90164 90061->90065 90062->90014 90063 61cc6f61 90067 61cc6f6d PyErr_Format 90063->90067 90063->90069 90064 61cc6cee 90064->90000 90073 61cc6cf6 90064->90073 90065->90064 90168 61cc4050 88 API calls 90065->90168 90066 61cc6d81 90068 61cc6d8d PyErr_Format 90066->90068 90066->90069 90067->90000 90068->90000 90069->89973 90072 61cc69d1 90072->89968 90072->89979 90072->89982 90073->89941 90075 61cdffec 90074->90075 90076 61cdfb90 90074->90076 90078 61cddd10 2 API calls 90075->90078 90077 61cdffd3 90076->90077 90079 61cdfbab 90076->90079 90080 61cdffba 90076->90080 90081 61cddd10 2 API calls 90077->90081 90082 61ce0005 90078->90082 90183 61ce1820 90079->90183 90192 61cddd10 __iob_func 90080->90192 90081->90075 90085 61ce01f5 90082->90085 90088 61ce01dc 90082->90088 90089 61ce004d 90082->90089 90087 61cddd10 2 API calls 90085->90087 90093 61ce020e 90087->90093 90092 61cddd10 2 API calls 
90088->90092 90089->90093 90098 61ce0056 90089->90098 90090 61cdfc05 calloc 90094 61cdfc24 90090->90094 90104 61cdfd08 90090->90104 90091 61cdfbf3 90091->89974 90092->90085 90095 61cddd10 2 API calls 90093->90095 90187 61ce28d0 6 API calls 90094->90187 90111 61ce0136 90095->90111 90096 61ce0060 90096->89974 90098->90096 90105 61ce1820 24 API calls 90098->90105 90099 61cdfc5a 90100 61cdfc5e 90099->90100 90101 61cdfcd0 90099->90101 90188 61ce2760 __iob_func abort calloc free 90100->90188 90189 61ce2760 __iob_func abort calloc free 90101->90189 90108 61cdff30 90104->90108 90109 61cdfdc3 90104->90109 90115 61cdfcb4 90104->90115 90106 61ce00b2 90105->90106 90106->90096 90106->90111 90118 61ce00c8 90106->90118 90107 61cdfcbe free 90107->90091 90108->90115 90191 61ce2760 __iob_func abort calloc free 90108->90191 90109->90115 90190 61ce2760 __iob_func abort calloc free 90109->90190 90110 61ce1820 24 API calls 90110->90111 90111->90110 90117 61ce01c1 90111->90117 90197 61ce4fd0 __iob_func abort 90111->90197 90115->90107 90117->90111 90196 61ce1af0 __iob_func abort calloc free free 90117->90196 90118->90111 90118->90117 90195 61ce1af0 __iob_func abort calloc free free 90118->90195 90121 61ce040f 90120->90121 90122 61ce066b 90120->90122 90123 61ce0652 90121->90123 90125 61ce0639 90121->90125 90128 61ce0620 90121->90128 90136 61ce042a 90121->90136 90124 61cddd10 2 API calls 90122->90124 90126 61cddd10 2 API calls 90123->90126 90127 61ce0684 memcmp 90124->90127 90129 61cddd10 2 API calls 90125->90129 90126->90122 90130 61ce058e free 90127->90130 90157 61ce069a 90127->90157 90131 61cddd10 2 API calls 90128->90131 90129->90123 90132 61ce0596 free 90130->90132 90131->90125 90134 61ce05a5 90132->90134 90133 61cc6a77 90133->89988 90133->89989 90134->90132 90135 61ce4390 21 API calls 90134->90135 90135->90134 90136->90133 90137 61ce04a4 malloc 90136->90137 90137->90133 90138 61ce04bb 90137->90138 90530 61cdf6e0 90138->90530 90139 61ce04e9 90139->90132 90140 61ce050e 90139->90140 
90141 61ce04fa free 90139->90141 90140->90134 90142 61ce0517 malloc 90140->90142 90141->90133 90142->90132 90143 61ce0549 90142->90143 90545 61ce4c20 memcpy 90143->90545 90145 61ce0578 90145->90130 90146 61ce0583 90145->90146 90147 61ce05f1 90145->90147 90146->90127 90146->90130 90147->90134 90546 61ce1cb0 __iob_func abort 90147->90546 90149 61ce07a1 90150 61ce07eb 90149->90150 90547 61ce1cb0 __iob_func abort 90149->90547 90152 61ce088d free 90150->90152 90153 61ce080f 90150->90153 90153->90130 90154 61ce083d memcmp 90153->90154 90154->90130 90155 61ce085f 90154->90155 90155->90130 90156 61ce086d memcmp 90155->90156 90156->90130 90156->90157 90157->90130 90159->90010 90160->90031 90161->90042 90162->90049 90163->90060 90164->90072 90165->90033 90166->90023 90167->90032 90168->90064 90169->90066 90170->89962 90171->90000 90172->90063 90173->89973 90174->90000 90175->90029 90176->90000 90177->90000 90178->90000 90179->90064 90180->90000 90181->90000 90182->90000 90184 61ce1857 90183->90184 90185 61cdfbed 90183->90185 90184->90185 90198 61cdca30 90184->90198 90185->90090 90185->90091 90187->90099 90188->90115 90189->90104 90190->90115 90191->90115 90193 61d41ae0 90192->90193 90194 61cddd41 abort 90193->90194 90195->90118 90196->90117 90197->90111 90199 61cdca39 90198->90199 90200 61cdca44 90198->90200 90199->90184 90201 61cddd10 2 API calls 90200->90201 90202 61cdca5d 90201->90202 90203 61cdca69 90202->90203 90204 61cddd10 2 API calls 90202->90204 90203->90184 90205 61cdcaa1 90204->90205 90206 61cdcab9 90205->90206 90207 61cddd10 2 API calls 90205->90207 90206->90184 90208 61cdcaf0 90207->90208 90209 61cdcb09 90208->90209 90210 61cdcb15 90208->90210 90507 61cecfd0 memset memset rand memset 90209->90507 90212 61cddd10 2 API calls 90210->90212 90218 61cdcb2e 90212->90218 90213 61cdcb0e 90213->90184 90214 61cdcbc2 90216 61cddd10 2 API calls 90214->90216 90215 61cdcba9 90217 61cddd10 2 API calls 90215->90217 90230 61cdcbdb 90216->90230 90217->90214 90218->90214 
90218->90215 90219 61cdcb90 90218->90219 90221 61cdcb4c 90218->90221 90222 61cdcb77 90218->90222 90220 61cddd10 2 API calls 90219->90220 90220->90215 90508 61ce8950 9 API calls 90221->90508 90224 61cddd10 2 API calls 90222->90224 90223 61cdcc72 90227 61cddd10 2 API calls 90223->90227 90224->90219 90226 61cdcc59 90228 61cddd10 2 API calls 90226->90228 90232 61cdcc8b 90227->90232 90228->90223 90229 61cdcb51 90229->90184 90230->90223 90230->90226 90231 61cdcc40 90230->90231 90234 61cdcbfc 90230->90234 90235 61cdcc27 90230->90235 90233 61cddd10 2 API calls 90231->90233 90236 61cdcc9b 90232->90236 90237 61cddd10 2 API calls 90232->90237 90233->90226 90509 61ce8560 9 API calls 90234->90509 90238 61cddd10 2 API calls 90235->90238 90240 61cdcca0 90236->90240 90241 61cddd10 2 API calls 90236->90241 90237->90236 90238->90231 90240->90184 90243 61cdcd13 90241->90243 90242 61cdcc01 90242->90184 90244 61cdcf52 90243->90244 90246 61cddd10 2 API calls 90243->90246 90257 61cdcd38 90243->90257 90245 61cddd10 2 API calls 90244->90245 90247 61cdcf6b 90245->90247 90246->90244 90248 61cdcf79 90247->90248 90250 61cddd10 2 API calls 90247->90250 90249 61cdcf7e 90248->90249 90251 61cddd10 2 API calls 90248->90251 90249->90184 90250->90248 90252 61cdcfbc 90251->90252 90253 61cdcfc9 90252->90253 90254 61cdcfe2 90252->90254 90255 61cdd014 90253->90255 90258 61cdcffb 90253->90258 90259 61cdcfd3 90253->90259 90256 61cddd10 2 API calls 90254->90256 90260 61cddd10 2 API calls 90255->90260 90256->90258 90257->90184 90262 61cddd10 2 API calls 90258->90262 90510 61ced2c0 memset memcpy memset memset 90259->90510 90263 61cdd02d 90260->90263 90262->90255 90265 61cdd039 90263->90265 90267 61cddd10 2 API calls 90263->90267 90264 61cdcfdb 90264->90184 90266 61cdd081 90265->90266 90268 61cdd043 90265->90268 90270 61cddd10 2 API calls 90265->90270 90269 61cddd10 2 API calls 90266->90269 90267->90265 90268->90184 90271 61cdd09a 90269->90271 90270->90266 90272 61cdd0bf 90271->90272 90273 61cdd0a9 
90271->90273 90274 61cddd10 2 API calls 90272->90274 90275 61cdd0f1 90273->90275 90276 61cdd0d8 90273->90276 90278 61cdd0b3 90273->90278 90274->90276 90277 61cddd10 2 API calls 90275->90277 90279 61cddd10 2 API calls 90276->90279 90280 61cdd10a 90277->90280 90511 61ce84a0 memset memset 90278->90511 90279->90275 90282 61cdd119 90280->90282 90284 61cddd10 2 API calls 90280->90284 90285 61cddd10 2 API calls 90282->90285 90289 61cdd11e 90282->90289 90283 61cdd0b8 90283->90184 90284->90282 90286 61cdd16e 90285->90286 90287 61cdd18f 90286->90287 90288 61cdd179 90286->90288 90291 61cddd10 2 API calls 90287->90291 90290 61cdd1c1 90288->90290 90292 61cdd1a8 90288->90292 90293 61cdd183 90288->90293 90289->90184 90294 61cddd10 2 API calls 90290->90294 90291->90292 90296 61cddd10 2 API calls 90292->90296 90512 61ce8890 memset memset 90293->90512 90297 61cdd1da 90294->90297 90296->90290 90299 61cddd10 2 API calls 90297->90299 90301 61cdd1e9 90297->90301 90298 61cdd188 90298->90184 90300 61cdd220 90299->90300 90302 61cdd239 90300->90302 90303 61cdd24a 90300->90303 90301->90184 90304 61cdd23e 90302->90304 90305 61cdd263 90302->90305 90306 61cddd10 2 API calls 90303->90306 90513 61ce9de0 memset 90304->90513 90308 61cddd10 2 API calls 90305->90308 90306->90305 90310 61cdd27c 90308->90310 90309 61cdd243 90309->90184 90311 61cdd28d 90310->90311 90312 61cdd2b4 90310->90312 90313 61cdd2cd 90311->90313 90314 61cdd292 90311->90314 90315 61cddd10 2 API calls 90312->90315 90317 61cddd10 2 API calls 90313->90317 90514 61d0a3f0 16 API calls 90314->90514 90315->90313 90323 61cdd2e6 90317->90323 90318 61cdd2a1 90318->90184 90319 61cdd382 90321 61cddd10 2 API calls 90319->90321 90320 61cdd369 90322 61cddd10 2 API calls 90320->90322 90325 61cdd39b 90321->90325 90322->90319 90323->90319 90323->90320 90324 61cdd350 90323->90324 90327 61cdd30c 90323->90327 90328 61cdd337 90323->90328 90326 61cddd10 2 API calls 90324->90326 90331 61cddd10 2 API calls 90325->90331 90326->90320 90515 61cecf40 16 API 
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_Format
                                                                                                                                                                                                                              • String ID: %s (%d:%d)$000000$<frozen %U>$OOy#|i$__main__$__mp_main__$__spec__$hdinfo$keyinfo
                                                                                                                                                                                                                              • API String ID: 376477240-58712055
                                                                                                                                                                                                                              • Opcode ID: aa9977c45e3ec006dbacf3bafae9c48ff1d6dd02bcb06f05158bdefab51a51da
                                                                                                                                                                                                                              • Instruction ID: 063dd571ca6a22fcfd0d57ecd5faa1ba3fbe2b7da7f0738fefe1ffdfc180a505
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aa9977c45e3ec006dbacf3bafae9c48ff1d6dd02bcb06f05158bdefab51a51da
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 73B24A72705B90C5EB158F6AE8903AD3BA2F785F88F498126CE5D47768EF39C851C342
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PySys_GetObject.PYTHON310 ref: 61CC6551
                                                                                                                                                                                                                              • PyTuple_GetItem.PYTHON310 ref: 61CC656B
                                                                                                                                                                                                                              • PyLong_AsLong.PYTHON310 ref: 61CC6580
                                                                                                                                                                                                                              • PyTuple_GetItem.PYTHON310 ref: 61CC6590
                                                                                                                                                                                                                              • PyLong_AsLong.PYTHON310 ref: 61CC659E
                                                                                                                                                                                                                              • PySys_GetObject.PYTHON310 ref: 61CC65AD
                                                                                                                                                                                                                              • PyLong_AsVoidPtr.PYTHON310 ref: 61CC65B9
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 61CC65DE
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 61CC65FC
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 61CC661A
                                                                                                                                                                                                                              • PyModule_Create2.PYTHON310 ref: 61CC6644
                                                                                                                                                                                                                              • PyModule_GetName.PYTHON310 ref: 61CC6659
                                                                                                                                                                                                                              • strrchr.MSVCRT ref: 61CC667E
                                                                                                                                                                                                                              • malloc.MSVCRT ref: 61CC6694
                                                                                                                                                                                                                              • memcpy.MSVCRT ref: 61CC66AE
                                                                                                                                                                                                                              • PyBytes_FromStringAndSize.PYTHON310 ref: 61CC6701
                                                                                                                                                                                                                              • PyBytes_AsString.PYTHON310 ref: 61CC671B
                                                                                                                                                                                                                              • malloc.MSVCRT ref: 61CC672F
                                                                                                                                                                                                                              • PyCMethod_New.PYTHON310 ref: 61CC677D
                                                                                                                                                                                                                              • PyCMethod_New.PYTHON310 ref: 61CC67C3
                                                                                                                                                                                                                              • PyCMethod_New.PYTHON310 ref: 61CC6809
                                                                                                                                                                                                                              • PyBytes_FromStringAndSize.PYTHON310 ref: 61CC6833
                                                                                                                                                                                                                              • PyBytes_AsString.PYTHON310 ref: 61CC6849
                                                                                                                                                                                                                              • _time64.MSVCRT ref: 61CC6926
                                                                                                                                                                                                                              • srand.MSVCRT ref: 61CC692E
                                                                                                                                                                                                                              • strstr.MSVCRT ref: 61CC6AD5
                                                                                                                                                                                                                              • strncmp.MSVCRT ref: 61CC6B11
                                                                                                                                                                                                                              • PyErr_Format.PYTHON310 ref: 61CC6B84
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CC6BBA
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CC6BC9
                                                                                                                                                                                                                              • malloc.MSVCRT ref: 61CC6BEA
                                                                                                                                                                                                                              • free.MSVCRT ref: 61CC6C54
                                                                                                                                                                                                                              • malloc.MSVCRT ref: 61CC6C60
                                                                                                                                                                                                                              • memcpy.MSVCRT ref: 61CC6C83
                                                                                                                                                                                                                              • free.MSVCRT ref: 61CC6CB2
                                                                                                                                                                                                                              • malloc.MSVCRT ref: 61CC6CBE
                                                                                                                                                                                                                              • memcpy.MSVCRT ref: 61CC6CE1
                                                                                                                                                                                                                              • PyErr_Format.PYTHON310 ref: 61CC7328
                                                                                                                                                                                                                                • Part of subcall function 61CDE5E0: memcmp.MSVCRT ref: 61CDE613
                                                                                                                                                                                                                                • Part of subcall function 61CDE5E0: memcmp.MSVCRT ref: 61CDE630
                                                                                                                                                                                                                                • Part of subcall function 61CDE5E0: memcmp.MSVCRT ref: 61CDE652
                                                                                                                                                                                                                                • Part of subcall function 61CDE5E0: memcmp.MSVCRT ref: 61CDE672
                                                                                                                                                                                                                                • Part of subcall function 61CDE5E0: memcmp.MSVCRT ref: 61CDE692
                                                                                                                                                                                                                                • Part of subcall function 61CDE5E0: memcmp.MSVCRT ref: 61CDE6B2
                                                                                                                                                                                                                                • Part of subcall function 61CDE5E0: memcmp.MSVCRT ref: 61CDE6D2
                                                                                                                                                                                                                                • Part of subcall function 61CDE5E0: memcmp.MSVCRT ref: 61CDE6F2
                                                                                                                                                                                                                                • Part of subcall function 61CDE350: memcmp.MSVCRT ref: 61CDE383
                                                                                                                                                                                                                                • Part of subcall function 61CDE350: memcmp.MSVCRT ref: 61CDE3A3
                                                                                                                                                                                                                                • Part of subcall function 61CDE350: memcmp.MSVCRT ref: 61CDE3C5
                                                                                                                                                                                                                                • Part of subcall function 61CDE350: memcmp.MSVCRT ref: 61CDE3E5
                                                                                                                                                                                                                                • Part of subcall function 61CDE350: memcmp.MSVCRT ref: 61CDE405
                                                                                                                                                                                                                                • Part of subcall function 61CDE350: memcmp.MSVCRT ref: 61CDE425
                                                                                                                                                                                                                                • Part of subcall function 61CDE350: memcmp.MSVCRT ref: 61CDE445
                                                                                                                                                                                                                                • Part of subcall function 61CDE350: memcmp.MSVCRT ref: 61CDE465
                                                                                                                                                                                                                                • Part of subcall function 61CDDD80: strcmp.MSVCRT ref: 61CDDDAB
                                                                                                                                                                                                                                • Part of subcall function 61CDDD80: strcmp.MSVCRT ref: 61CDDDD5
                                                                                                                                                                                                                                • Part of subcall function 61CDDD80: strcmp.MSVCRT ref: 61CDDDF4
                                                                                                                                                                                                                                • Part of subcall function 61CDDD80: strcmp.MSVCRT ref: 61CDDE13
                                                                                                                                                                                                                                • Part of subcall function 61CDDD80: strcmp.MSVCRT ref: 61CDDE32
                                                                                                                                                                                                                                • Part of subcall function 61CDDD80: strcmp.MSVCRT ref: 61CDDE4D
                                                                                                                                                                                                                                • Part of subcall function 61CDDD80: strcmp.MSVCRT ref: 61CDDE68
                                                                                                                                                                                                                                • Part of subcall function 61CDDD80: strcmp.MSVCRT ref: 61CDDE83
                                                                                                                                                                                                                                • Part of subcall function 61CDE020: strcmp.MSVCRT ref: 61CDE04B
                                                                                                                                                                                                                                • Part of subcall function 61CDE020: strcmp.MSVCRT ref: 61CDE06F
                                                                                                                                                                                                                                • Part of subcall function 61CDE020: strcmp.MSVCRT ref: 61CDE08B
                                                                                                                                                                                                                                • Part of subcall function 61CDE020: strcmp.MSVCRT ref: 61CDE0AA
                                                                                                                                                                                                                                • Part of subcall function 61CDE020: strcmp.MSVCRT ref: 61CDE0C9
                                                                                                                                                                                                                                • Part of subcall function 61CDE020: strcmp.MSVCRT ref: 61CDE0E4
                                                                                                                                                                                                                                • Part of subcall function 61CDE020: strcmp.MSVCRT ref: 61CDE0FF
                                                                                                                                                                                                                                • Part of subcall function 61CDE020: strcmp.MSVCRT ref: 61CDE11A
                                                                                                                                                                                                                                • Part of subcall function 61CDDED0: strcmp.MSVCRT ref: 61CDDEFB
                                                                                                                                                                                                                                • Part of subcall function 61CDDED0: strcmp.MSVCRT ref: 61CDDF25
                                                                                                                                                                                                                                • Part of subcall function 61CDDED0: strcmp.MSVCRT ref: 61CDDF44
                                                                                                                                                                                                                                • Part of subcall function 61CDDED0: strcmp.MSVCRT ref: 61CDDF63
                                                                                                                                                                                                                                • Part of subcall function 61CDDED0: strcmp.MSVCRT ref: 61CDDF82
                                                                                                                                                                                                                                • Part of subcall function 61CDDED0: strcmp.MSVCRT ref: 61CDDF9D
                                                                                                                                                                                                                                • Part of subcall function 61CDDED0: strcmp.MSVCRT ref: 61CDDFB8
                                                                                                                                                                                                                                • Part of subcall function 61CDDED0: strcmp.MSVCRT ref: 61CDDFD3
                                                                                                                                                                                                                              • PyBytes_AsStringAndSize.PYTHON310 ref: 61CC6E58
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcmp$memcmp$Bytes_Stringmalloc$AddressLong_Method_ProcSizememcpy$DeallocErr_FormatFromItemLongModule_ObjectSys_Tuple_free$Create2NameVoid_time64srandstrncmpstrrchrstrstr
                                                                                                                                                                                                                              • String ID: %s (%d:%d)$,*$.pyarmor.ikey$000000$C_ASSERT_ARMORED_INDEX$C_ENTER_CO_OBJECT_INDEX$C_LEAVE_CO_OBJECT_INDEX$PyCell_Get$PyCell_New$PyCell_Set$aes$dllhandle$pyarmor_runtime_$sha256$sprng$version_info
                                                                                                                                                                                                                              • API String ID: 3695841847-3717260241
                                                                                                                                                                                                                              • Opcode ID: 57beb1e1c9b7b7de6b58cbfc37ee6c83c64c1df4fff32cda8d69c18b73152b7c
                                                                                                                                                                                                                              • Instruction ID: b0cc22fa1ac255a693f4ffd26fc2946e98255802dc628caa3e472846c4b34fb4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 57beb1e1c9b7b7de6b58cbfc37ee6c83c64c1df4fff32cda8d69c18b73152b7c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E682F172701B94C2EB01CB65E5547AE3BA2FB85F88F49C016CA4E4B794EF39D915C342

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_put_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$ALL:!COMPLEMENTOFDEFAULT:!eNULL$TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256$ssl3-md5$ssl3-sha1
                                                                                                                                                                                                                              • API String ID: 1767461275-1115027282
                                                                                                                                                                                                                              • Opcode ID: 3645f380145c2284706b6986e079d24ed93b2d98b1f158f8d20cddb3902bffaf
                                                                                                                                                                                                                              • Instruction ID: 6c9f55a3fc3fcd6a35fc11e37b665a5c9172ba230694052c811fd91b4008937f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3645f380145c2284706b6986e079d24ed93b2d98b1f158f8d20cddb3902bffaf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6FA13FB1A09B43A1FB68DF35D551BA97290EF44748F588135DA4E8BBA6EF3CE604C310

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629727254.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629767968.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629786537.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629786537.00007FF69E1D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1617910340-0
                                                                                                                                                                                                                              • Opcode ID: 6900b12a6c6c443aa41c68e268e6275e38d412fb7e8bb922b7a0c5fbdd2459d5
                                                                                                                                                                                                                              • Instruction ID: d188ba02dc684ec1d486227a47d4799b605f5a00b0fd577e40c4c05f8d2b96b3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6900b12a6c6c443aa41c68e268e6275e38d412fb7e8bb922b7a0c5fbdd2459d5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B2C1B136F28A4286EB24CF68D4D06BC3761EB59BA8B055375EE1E9B798CF38D055C310
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629727254.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629767968.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629786537.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629786537.00007FF69E1D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                                                                                                              • Opcode ID: bf04df12ed89424385b35bc97b9e30209b4e9d30cb3ee9ccc1531a0517fd62e7
                                                                                                                                                                                                                              • Instruction ID: 6d5c183bf86fe30d3a90fde70c2eccabb46cb81ed2faf2ca9a97094eaff7809d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bf04df12ed89424385b35bc97b9e30209b4e9d30cb3ee9ccc1531a0517fd62e7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DEF0C226A1C64686F7B08B64F4C876A7390FB94764F04433AFA6E426D4DF3CD049CB10
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629889219.00007FFB0B981000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFB0B980000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629873832.00007FFB0B980000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629916648.00007FFB0B9A9000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629934037.00007FFB0B9B7000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629947883.00007FFB0B9B8000.00000008.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630002819.00007FFB0B9B9000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630020492.00007FFB0B9BA000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0b980000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dealloc$Module_Object$String$Object_$CallTuple_$Pack$Err_FromReadyType_$AttrDict_ExceptionImportImport_ItemModuleUnicode___acrt_iob_func$ConstantMethod$ContextCreate2FormatFunctionInternLong_Ssize_tVar_fputc
                                                                                                                                                                                                                              • String ID: %s:%d: warning: $(O)$(ss)$1.70$2.5.1$BasicContext$Context$D:\a\1\s\Modules\_decimal\libmpdec\context.c$Decimal$DecimalException$DecimalTuple$DefaultContext$ExtendedContext$HAVE_CONTEXTVAR$HAVE_THREADS$MutableMapping$Number$Rational$SignalDict$X$__libmpdec_version__$__module__$__version__$as_integer_ratio$bit_length$collections$collections.abc$decimal$decimal.DecimalException$decimal_context$mpd_setminalloc: ignoring request to set MPD_MINALLOC a second time$namedtuple$numbers$register$s(OO){}$sign digits exponent
                                                                                                                                                                                                                              • API String ID: 2210023312-1398799035
                                                                                                                                                                                                                              • Opcode ID: c1ff8ca14523f96089b7d5b9a0d8bd12967f953275509cce669ba4746d8d11dd
                                                                                                                                                                                                                              • Instruction ID: 08d26f1ebf25715f543a3456581080ff8d327a3cb59d5a1b87155a189b113fc4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c1ff8ca14523f96089b7d5b9a0d8bd12967f953275509cce669ba4746d8d11dd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 516205A1E09B1382FA549B75E954EB833A4BF89B84F04C175DA0F963B4DF7DA844C380
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629727254.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629767968.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629786537.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629786537.00007FF69E1D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                              • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$hide-early$hide-late$minimize-early$minimize-late$pkg$pyi-contents-directory$pyi-hide-console$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                                              • API String ID: 2776309574-3325264605
                                                                                                                                                                                                                              • Opcode ID: e3c9e3186ddb46232941edcda19b8474144587cd7e76f5bca59973997f4db7cf
                                                                                                                                                                                                                              • Instruction ID: 20d76ad72b4621590f020c6df664e0134a8dfc8d53bc4db9112961887c4279a3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e3c9e3186ddb46232941edcda19b8474144587cd7e76f5bca59973997f4db7cf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C0424F21E0C68291FB399B21B4D52F96691EF75784F8840B2F95EC62D6EF2CE549C320

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E1973F0: _fread_nolock.LIBCMT ref: 00007FF69E19749A
                                                                                                                                                                                                                              • _fread_nolock.LIBCMT ref: 00007FF69E1919FB
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E192020: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF69E191B4A), ref: 00007FF69E192070
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                              • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                              • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                              • Opcode ID: 6f0fb0282e10422f888bdd4acf5062c6714093283ab30dc9baf7ea4e7ee44d87
                                                                                                                                                                                                                              • Instruction ID: 2d69f020cdce0ad996588d4f8f1ae6404505359ceeb2cca558552a3bd21b289f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f0fb0282e10422f888bdd4acf5062c6714093283ab30dc9baf7ea4e7ee44d87
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D816E71B0968295EB789B24E0C43B923A1FF68784F444076F98EC7799DE3CE5858760

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$memcmp$malloc
                                                                                                                                                                                                                              • String ID: hash != NULL$key != NULL$sig != NULL$src/pk/rsa/rsa_verify_hash.c$stat != NULL
                                                                                                                                                                                                                              • API String ID: 2896619906-237625700
                                                                                                                                                                                                                              • Opcode ID: 081dea31bdf5f5099bf901d4ea042abd2c802e1258e2705553ed9b2c2f5f3434
                                                                                                                                                                                                                              • Instruction ID: 300d92e884d16b6660fc0541407657602f25cae0dca6aeb14bb9d647f31fcb00
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 081dea31bdf5f5099bf901d4ea042abd2c802e1258e2705553ed9b2c2f5f3434
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E9B16972208681CAE720CF52E54879EBBA0F385788F548516DE8987B58EF7DC469CF90
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: a != NULL$b != NULL$c != NULL$d != NULL$src/math/tfm_desc.c
                                                                                                                                                                                                                              • API String ID: 0-1480740242
                                                                                                                                                                                                                              • Opcode ID: 657c854f8109656302f608bda54c764ce64ad2eb77a8cffc9c6784cd85f3d5ed
                                                                                                                                                                                                                              • Instruction ID: 679c848b80e72bc134cca2b688023156318431221b87f35e7c8ae15312a74bee
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 657c854f8109656302f608bda54c764ce64ad2eb77a8cffc9c6784cd85f3d5ed
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9292DF74F11A46C1FF04EBA4D8803FC66A2EBA5784F94D516CA0E436A4FB7AC256CF11

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                              • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                              • Opcode ID: 3b29cd868939d2b9268413f6f9bff4204735783e3708139f1dc6f26693374acc
                                                                                                                                                                                                                              • Instruction ID: c159f3db215362ed4f95ac2cfb4c0df4f3e8716bc48664a9ee9cbc609f804acc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b29cd868939d2b9268413f6f9bff4204735783e3708139f1dc6f26693374acc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16418F72B0864256FB28DB21E4802F96391FF69794F8544B2FD0D87B99DE3CE585C720

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
• Associated: 00000003.00000002.2629727254.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629767968.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629786537.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629786537.00007FF69E1D3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629815093.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629815093.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629815093.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                              • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                              • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                              • Opcode ID: 91f62cc80b3c7fc0dc8cdb411267086f7357e44017bfaadf1bbe0039e9c1b7a1
                                                                                                                                                                                                                              • Instruction ID: 5f24e14aa1e1b619edb470d4464151d3af3cdc3853ec66c01bb5db9ece5c4cc3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 91f62cc80b3c7fc0dc8cdb411267086f7357e44017bfaadf1bbe0039e9c1b7a1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9651E122B0868241EA78AB11B4803BA62A1FFA57A4F484175FD4DC7BC5EF3CE585C720

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,00007FF69E192BC5), ref: 00007FF69E192AA1
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF69E192BC5), ref: 00007FF69E192AAB
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E192310: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF69E192AC6,?,00007FF69E192BC5), ref: 00007FF69E192360
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E192310: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF69E192AC6,?,00007FF69E192BC5), ref: 00007FF69E19241A
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
• Associated: 00000003.00000002.2629727254.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629767968.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629786537.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629786537.00007FF69E1D3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629815093.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629815093.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629815093.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentErrorFileFormatLastMessageModuleNameProcess
                                                                                                                                                                                                                              • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                              • API String ID: 4002088556-2863816727
                                                                                                                                                                                                                              • Opcode ID: aed140f8d8e2637361ba54921802919f4f3b7eb641456186ceb893f60fbbd120
                                                                                                                                                                                                                              • Instruction ID: 573240ce2c2d56d649bc6abb3620cdb0e0dfc17d8a6449be81371fe29533e2b5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aed140f8d8e2637361ba54921802919f4f3b7eb641456186ceb893f60fbbd120
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 52217F21F1864691FB749B21F8853BA2394FFA8794F8001B2F55EC66E9EE2CE505C724

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
• Associated: 00000003.00000002.2629727254.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629767968.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629786537.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629786537.00007FF69E1D3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629815093.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629815093.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629815093.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: b84f99598af9228c6ddbc1f90d02b3ffc499ddb0e7ad6440c3b0aa44b94abea4
                                                                                                                                                                                                                              • Instruction ID: 916c05f46c9f49f610706a61eefaca6229687c7fa24c08b119aedc524c1ab6f5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b84f99598af9228c6ddbc1f90d02b3ffc499ddb0e7ad6440c3b0aa44b94abea4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 49C1E122A4C78291E7708B1594842BD3B99FFA1BE0F5941B1FA4E83791DF7DE84D8320

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
• Associated: 00000003.00000002.2629727254.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629767968.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629786537.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629786537.00007FF69E1D3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629815093.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629815093.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629815093.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                              • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                              • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                              • Opcode ID: 257374478d975465f30fecfeee25a4ce820cf249e902578530a6dfb696dcd882
                                                                                                                                                                                                                              • Instruction ID: 45fde336b960ba385dc2fc29373c465883111783f3788f37084f2ff92a899d81
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 257374478d975465f30fecfeee25a4ce820cf249e902578530a6dfb696dcd882
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E1419E31E08A8B91FA35DB21F4842E96315FB64384F800172FA5ED769AEF3CE645C360

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
• Associated: 00000003.00000002.2629727254.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629767968.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629786537.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629786537.00007FF69E1D3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629815093.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629815093.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2629815093.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1279662727-0
                                                                                                                                                                                                                              • Opcode ID: 90a68cc1d689661d78c71e507df06edcdc27397f5c551dab54a651660f08bd46
                                                                                                                                                                                                                              • Instruction ID: 972609c09b9ddc3f1ffd108bbdd87e9af2ca35b4acaad9bf9a05c08f5190d361
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 90a68cc1d689661d78c71e507df06edcdc27397f5c551dab54a651660f08bd46
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BA41A162E1878283E7649B2195903797260FFB5764F109374F66C83AD6DF7CE4E48720

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629727254.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629767968.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629786537.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629786537.00007FF69E1D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: eff41cba983b05e0f9e09f52185aba8178b112ae95ee52c2a1f9a5fdd57fcc68
                                                                                                                                                                                                                              • Instruction ID: 1be00c53b70dbf55f9fb0da38f5a166946e9329541ed1591f933b121ae1f373c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eff41cba983b05e0f9e09f52185aba8178b112ae95ee52c2a1f9a5fdd57fcc68
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F3510821F09B8296FA789E25A48067A6291FF68BB4F144774FD7C877D9CF3CE4418620
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629727254.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629767968.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629786537.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629786537.00007FF69E1D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1236291503-0
                                                                                                                                                                                                                              • Opcode ID: 0062f537d7c131bdaaf4aef5eb59421e6e9ee6bfc8727e8bca4d357a962c4ab6
                                                                                                                                                                                                                              • Instruction ID: dc87d0d1e768ca5f01d2cefcf49844a80befc7fc0432e0402bb41aadc727254f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0062f537d7c131bdaaf4aef5eb59421e6e9ee6bfc8727e8bca4d357a962c4ab6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 04311B21E4C20342FA74ABA5A4D13B91291EFA5784F4440B5FA8DCB7D7DE2CB4448671
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629727254.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629767968.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629786537.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629786537.00007FF69E1D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FileHandleType
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3000768030-0
                                                                                                                                                                                                                              • Opcode ID: 336ff322d096320c7609ad2a1ebfb1af701ecd8db59b0b6a36a9cc413741d25d
                                                                                                                                                                                                                              • Instruction ID: 08485d938d39b7223dce87a1134b404a4e4fa376a58007fb0efd60f92f524b86
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 336ff322d096320c7609ad2a1ebfb1af701ecd8db59b0b6a36a9cc413741d25d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2531B362A18F4581EB348B1585D027C6650FF65BB4F6903B9EB6E873E0CF38E4A5C310
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF69E1ACFC0,?,?,?,?,?,00007FF69E1AD0C9), ref: 00007FF69E1AD020
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,00007FF69E1ACFC0,?,?,?,?,?,00007FF69E1AD0C9), ref: 00007FF69E1AD02A
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629727254.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629767968.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629786537.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629786537.00007FF69E1D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                                                                                                              • Opcode ID: c8d9032d6f18d1acbd55ff3d5784a6e8b9f1708e95d0104a6ada3112851001ef
                                                                                                                                                                                                                              • Instruction ID: 543f56c799c393360bac886190e69c6aee036643aa23b23035274b0bf5596ae3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8d9032d6f18d1acbd55ff3d5784a6e8b9f1708e95d0104a6ada3112851001ef
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A611C461A08B4181DA208B25F58417D6361EB54BF4F540771FE7D8B7D9CF7CD0558704
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlFreeHeap.NTDLL(?,?,?,00007FF69E1B3F32,?,?,?,00007FF69E1B3F6F,?,?,00000000,00007FF69E1B4435,?,?,?,00007FF69E1B4367), ref: 00007FF69E1AB41A
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF69E1B3F32,?,?,?,00007FF69E1B3F6F,?,?,00000000,00007FF69E1B4435,?,?,?,00007FF69E1B4367), ref: 00007FF69E1AB424
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 485612231-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,00007FF69E1AB87D,?,?,00000000,00007FF69E1AB932), ref: 00007FF69E1ABA6E
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF69E1AB87D,?,?,00000000,00007FF69E1AB932), ref: 00007FF69E1ABA78
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 918212764-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _fread_nolock
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 840049012-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2629743718.00007FF69E191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E190000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629727254.00007FF69E190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629767968.00007FF69E1BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629786537.00007FF69E1D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629786537.00007FF69E1D3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E1D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E214000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2629815093.00007FF69E217000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff69e190000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 0e1df9a836e05c53306103cf914f9f5afd0b17d2d4247778ac0f8a736a470cc7
                                                                                                                                                                                                                              • Instruction ID: ef8b096386033fdba4f52dea2b83e231c44652aef57c9d2bb55f21f2f86c9587
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0e1df9a836e05c53306103cf914f9f5afd0b17d2d4247778ac0f8a736a470cc7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 41117222A4C68181EA70DF51D88027EB2A0FFA5BA4F4440B1FB4CD7B96DF7DD8588760
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 3767eff042e46cd651120d9163f396646e5b690a05a83219cc7a0fcdceb2a680
                                                                                                                                                                                                                              • Instruction ID: 0236e77d4031e390ea11f4227e8dacb13f99dd211d053198b0353619cac4cacc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3767eff042e46cd651120d9163f396646e5b690a05a83219cc7a0fcdceb2a680
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 09216572A0868287DB718F18E48037976A0EB94B54F184374F65DC77D9DF3CD4448B10
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 43297e0cb54a728217cf8f13d9f8c23c45e2da10c33361e46a2ef0799771412d
                                                                                                                                                                                                                              • Instruction ID: 7ab0798bc8eb72419f0089d66657c4324d5cf7cf38d1a6cd3f98fd27abd3f83c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 43297e0cb54a728217cf8f13d9f8c23c45e2da10c33361e46a2ef0799771412d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8701F921B08B8650EA24DB52A940079A695FFA9FF0F4C42B1FE6C93BDACF3CD4418710
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF69E19C390
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E19CDB8: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF69E19CDC0
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E19CDB8: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF69E19CDC5
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1208906642-0
                                                                                                                                                                                                                              • Opcode ID: 86517d9d3c6548b93fa1a500576de9512fe9d6a130677b1fbe86fe464c74cea3
                                                                                                                                                                                                                              • Instruction ID: 10902c639a5bc3dc35a85864d6ae186545c6a14fd25b0e0fcfba83f9b6c85eac
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 86517d9d3c6548b93fa1a500576de9512fe9d6a130677b1fbe86fe464c74cea3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CEE0E264D0D24382FEB8A66139C62FD1780CF75304F4000FAF88EE21C39E0E329A11B6
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF69E1988F0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF69E193A24,00000000,00007FF69E191965), ref: 00007FF69E198929
                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00007FF69E1958D6,00000000,00007FF69E19272E), ref: 00007FF69E198302
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2592636585-0
                                                                                                                                                                                                                              • Opcode ID: 2a0be5660c9ee8306d4c5b2947c47421779384b2a6c1156b5f1a19ff2be16db4
                                                                                                                                                                                                                              • Instruction ID: b90dd65912af01b2c9d3d488a828f092e41422c25b54b73ae6f370b320a0ad6e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a0be5660c9ee8306d4c5b2947c47421779384b2a6c1156b5f1a19ff2be16db4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3ED0C211F3824141FA68A76BBA86679A152EF99BC0F488035FE0C83B4ADD3CC0954B00
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(?,?,?,00007FF69E1A0208,?,?,?,00007FF69E1A1872,?,?,?,?,?,00007FF69E1A4535), ref: 00007FF69E1AE6A2
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4292702814-0
                                                                                                                                                                                                                              • Opcode ID: 3c31cf8336a648e9ecfad8ff9b709a6d49b8502715341f1fffc2c41753e32efa
                                                                                                                                                                                                                              • Instruction ID: 15920640b87c0037a3a3ede04b6f74f25f5e1bf4ee8ff7e196daa82f7e4127d0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c31cf8336a648e9ecfad8ff9b709a6d49b8502715341f1fffc2c41753e32efa
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22F0FE50E9D20245FA756AE259C12791290DFA87B0F484AB0FD3EC73C1EE2CE4988531
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Process$AdaptersAddressesAllocComputerFreeNamemallocstrlen
                                                                                                                                                                                                                              • String ID: 01234567$89abcdef$:[sc$Characteristics$NetCfgInstanceId$SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
                                                                                                                                                                                                                              • API String ID: 1478035857-3618987999
                                                                                                                                                                                                                              • Opcode ID: fb5ff797a31862ba17c2551416bcc1e29a5b4184dbec8cc36b1d0a74853ec861
                                                                                                                                                                                                                              • Instruction ID: 3b41a0ebb1b108de64e1684ee1e915b3e7e0c21c6693aeb974435521971488a1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fb5ff797a31862ba17c2551416bcc1e29a5b4184dbec8cc36b1d0a74853ec861
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 81F14972719781C6E760CB66B84079FBBB5F78AB84F848129DF8947B58EB39C005CB11
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • bad marshal data (index list too large), xrefs: 61CCB612
                                                                                                                                                                                                                              • EOF read where object expected, xrefs: 61CCBC1F
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$AppendList_OccurredString
                                                                                                                                                                                                                              • String ID: EOF read where object expected$bad marshal data (index list too large)
                                                                                                                                                                                                                              • API String ID: 2605687773-1134984
                                                                                                                                                                                                                              • Opcode ID: 09f365b29ea617ec1a9918de6a0732721120efa5f7ce55dac81d14968a944cfe
                                                                                                                                                                                                                              • Instruction ID: dd0a400b65332f63f85035b2b51a3e7e91d91eeb98810261c9b409a0f3697be4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 09f365b29ea617ec1a9918de6a0732721120efa5f7ce55dac81d14968a944cfe
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D12773220AB90C6EB258BA6E45439E77A5FB85F88F08C415CA9D47B18FF3DC844C742
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 61CD2B7C
                                                                                                                                                                                                                              • CreateFileA.KERNEL32 ref: 61CD2BB0
                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 61CD2BCA
                                                                                                                                                                                                                              • DeviceIoControl.KERNEL32 ref: 61CD2C44
                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 61CD2C5A
                                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 61CD2C97
                                                                                                                                                                                                                              • CreateFileA.KERNEL32 ref: 61CD2CC4
                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 61CD2CE5
                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 61CD2CF4
                                                                                                                                                                                                                              • DeviceIoControl.KERNEL32 ref: 61CD2D3C
                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 61CD2D55
                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 61CD2D5A
                                                                                                                                                                                                                              • CloseHandle.KERNEL32 ref: 61CD2D64
                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 61CD2D86
                                                                                                                                                                                                                                • Part of subcall function 61CD27E0: GetLastError.KERNEL32 ref: 61CD27E4
                                                                                                                                                                                                                                • Part of subcall function 61CD27E0: FormatMessageA.KERNEL32 ref: 61CD2815
                                                                                                                                                                                                                                • Part of subcall function 61CD27E0: LocalFree.KERNEL32 ref: 61CD2836
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Global$Free$Alloc$ControlCreateDeviceFile_snprintf$CloseErrorFormatHandleLastLocalMessage
                                                                                                                                                                                                                              • String ID: ../src/platforms/windows/hdinfo.c$/%d:$Empty serial number$SCSIDISK$\\.\PhysicalDrive%d$\\.\Scsi%d
                                                                                                                                                                                                                              • API String ID: 1119308327-3953537554
                                                                                                                                                                                                                              • Opcode ID: 3e4b6cb3af99d3619bf2c18e875b444f9b0e6b19ed9a77fbb3653d60a72b4b1f
                                                                                                                                                                                                                              • Instruction ID: 73ac2af19762e2be4e140ade5e2efc14c882719669a09a10a858ac61324856b2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e4b6cb3af99d3619bf2c18e875b444f9b0e6b19ed9a77fbb3653d60a72b4b1f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA51DF31300A859AE760DB62FC6478A7B61F789BE8F4882259E5E07BD4DF3DC506C784
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$Cleanup$closesocketntohlsetsockopt$Startupgethostbynamehtonsrecvfromsendtosocket
                                                                                                                                                                                                                              • String ID: and,$http://$or,
                                                                                                                                                                                                                              • API String ID: 1750001962-2642771825
                                                                                                                                                                                                                              • Opcode ID: d60b143e1d993e80b673ce82980026c53de9bdc10758b609d7e6509d447f81cd
                                                                                                                                                                                                                              • Instruction ID: cff7732c7b2862a89f60e16e8a42003e50a6c67ad3073c416c001683f00e0a6c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d60b143e1d993e80b673ce82980026c53de9bdc10758b609d7e6509d447f81cd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 45518D7160578496E710DB65F80835EB7A1F788BB4F184329EAA94BBE8EF7DC444CB40
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: X_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                              • API String ID: 2268491255-1643863364
                                                                                                                                                                                                                              • Opcode ID: cf7442d83249b4f35ddb88605a11dd2032d676de9761582df6602fa9719c9a54
                                                                                                                                                                                                                              • Instruction ID: 308bc7e4d38a42a69c85b2e8b5f43eec09e9d81562432b2f12911fe1477361d2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cf7442d83249b4f35ddb88605a11dd2032d676de9761582df6602fa9719c9a54
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 27D1C2A2B08642B6FA759A35D444BBD6290EB45B84F449036EE4FC7FA6DF3DE8408700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • calling %R should have returned an instance of BaseException, not %R, xrefs: 61CD176A
                                                                                                                                                                                                                              • exceptions must derive from BaseException, xrefs: 61CD14E1
                                                                                                                                                                                                                              • exception causes must derive from BaseException, xrefs: 61CD154A
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                                              • String ID: calling %R should have returned an instance of BaseException, not %R$exception causes must derive from BaseException$exceptions must derive from BaseException
                                                                                                                                                                                                                              • API String ID: 1450464846-2865718950
                                                                                                                                                                                                                              • Opcode ID: 592703ca425c36526a6c5bb750356cd5b58cdb8e3781dc57f06ec309ceb843bf
                                                                                                                                                                                                                              • Instruction ID: a586ed58ef7b0e4aa5ea3a25beeceeda3c498c9c6d48128b131da695525a2177
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 592703ca425c36526a6c5bb750356cd5b58cdb8e3781dc57f06ec309ceb843bf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 45611736B45A44D6EB058FAAA95479E37B2A786FD4F4D8021CF4A07B24EF3DC0A5C340
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_Format$malloc
                                                                                                                                                                                                                              • String ID: %s (%d:%d)
                                                                                                                                                                                                                              • API String ID: 1817594650-1595188566
                                                                                                                                                                                                                              • Opcode ID: 549cbbdd343e86ee4acbeefccd4c7274211d40d2035c81624c1f006331994ce2
                                                                                                                                                                                                                              • Instruction ID: 444d575d578c14cbaf964b51ce9a3fe210f473fe5ace677c01fe43e54837cce1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 549cbbdd343e86ee4acbeefccd4c7274211d40d2035c81624c1f006331994ce2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BD02ACB2705B84C1FB158B6AD59036D3BA2FB85F88F48D416CE6D0B754EF29C860E742
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CloseHandleisxdigitmemset$ControlCreateDeviceFileisprintmemcpywsprintf
                                                                                                                                                                                                                              • String ID: /%d:$\\.\PhysicalDrive%d
                                                                                                                                                                                                                              • API String ID: 2355516209-72258043
                                                                                                                                                                                                                              • Opcode ID: 233270e7e1e41bc5ccc68ddfde30d2476ab27d374bc2da1ff46a8b8117bbecc6
                                                                                                                                                                                                                              • Instruction ID: e9aa96cfdbf08bd61fafa917dabc6faef26b2ba35a5f67aa9ffafea22b446250
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 233270e7e1e41bc5ccc68ddfde30d2476ab27d374bc2da1ff46a8b8117bbecc6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A75124B2608691C1E711CB76A89435FBBA2B7C67D8F48C115EF9947B99EB7DC008CB40
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: log2$memset$memmove
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1685334282-0
                                                                                                                                                                                                                              • Opcode ID: 1edd070486128180aaf4a9b6a699bce50f64173daa6afe7625103dfdb958fdbf
                                                                                                                                                                                                                              • Instruction ID: 8391ede60f96dc3eb57aa9e724efcb6eed6e33914926917d7fc32415c10ff8b8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1edd070486128180aaf4a9b6a699bce50f64173daa6afe7625103dfdb958fdbf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B022D2B2A58F858ADA168B34D9107BAB365FF597C4F15C332DA8B67760DF3DE1428200
APIs
Memory Dump Source
• Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
• Associated: 00000003.00000002.2630220745.00007FFB0BA30000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630327470.00007FFB0BAF7000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630343984.00007FFB0BAF8000.00000002.00000001.01000000.00000019.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
Similarity
• API ID: log2$memset$memmove
• String ID:
• API String ID: 1685334282-0
• Opcode ID: d0ebc9dcb9b4dfbefd1d47e463b8048210ff77d408c872b9899fd701b123924b
• Instruction ID: 5e03d137c7792b049fb68240e001d30e8fdf25fd2a077e1feae6b111a3a187d4
• Opcode Fuzzy Hash: d0ebc9dcb9b4dfbefd1d47e463b8048210ff77d408c872b9899fd701b123924b
• Instruction Fuzzy Hash: 5722AF72A04F858ADA2A9B34D1507FAA365FF597C4F15C332DB8F66B60DF38E0468200
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
• Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
Similarity
• API ID: Cryptclock$Context$Acquire$RandomRelease
• String ID: ($Microsoft Base Cryptographic Provider v1.0$out != NULL$src/prngs/rng_get_bytes.c
• API String ID: 2525729555-3762154145
• Opcode ID: 5007ee38210087e13fb3603f037d087b27600e9943a9c9daa80f0b48f3474df8
• Instruction ID: f13955dbbc173a840599a565ffc498db52cde7b5a37abde4f5493fe0f5498970
• Opcode Fuzzy Hash: 5007ee38210087e13fb3603f037d087b27600e9943a9c9daa80f0b48f3474df8
• Instruction Fuzzy Hash: F031C676718740D2E711CBAAA84835EBBB2B7897C4F549025DE4983764FF7EC446C390
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
• Associated: 00000003.00000002.2630562409.00007FFB0BC20000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2630577960.00007FFB0BC94000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2630637059.00007FFB0BC96000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2630663082.00007FFB0BCB9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2630678270.00007FFB0BCBE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2630678270.00007FFB0BCC4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2630678270.00007FFB0BCCB000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
Similarity
• API ID: N_free$O_free
• String ID: ..\s\ssl\tls_srp.c
• API String ID: 3506937590-1778748169
• Opcode ID: 27b7e6b1a2380756cfa26162b9f83e50214ddb54b7d7688408707897998f30c0
• Instruction ID: 8148c1cdf815bda1ed6ba3a65a4943e5674b104ffa88db820839b2d4c8d40e71
• Opcode Fuzzy Hash: 27b7e6b1a2380756cfa26162b9f83e50214ddb54b7d7688408707897998f30c0
• Instruction Fuzzy Hash: F3216252D18683A1E750EF75C4507FC1350FF94B48F08D235ED4E8B6A6DF58A5D18BA0
APIs
Memory Dump Source
• Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
• Associated: 00000003.00000002.2630220745.00007FFB0BA30000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630327470.00007FFB0BAF7000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630343984.00007FFB0BAF8000.00000002.00000001.01000000.00000019.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
Similarity
• API ID: log2
• String ID:
• API String ID: 4048861018-0
• Opcode ID: 1ba6ff57bb3133cb648baf168f3054a4e5542cce55b8d95569e4c63513385875
• Instruction ID: 4f8b81800fc3b4a49fdc44c7c78551ebaf0aa446bf14daf98e499b6da8fd2ebe
• Opcode Fuzzy Hash: 1ba6ff57bb3133cb648baf168f3054a4e5542cce55b8d95569e4c63513385875
• Instruction Fuzzy Hash: 8A02F7B2F9CE014AE607CB74C501BBAA366AF153D4F16C332E91FB6664DF7C64928640
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
• Associated: 00000003.00000002.2630562409.00007FFB0BC20000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2630577960.00007FFB0BC94000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2630637059.00007FFB0BC96000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2630663082.00007FFB0BCB9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2630678270.00007FFB0BCBE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2630678270.00007FFB0BCC4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2630678270.00007FFB0BCCB000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
Similarity
• API ID: O_clear_free$memcpy$L_cleanseO_mallocmemset
• String ID: ..\s\ssl\s3_lib.c
• API String ID: 2649524955-4238427508
• Opcode ID: c8176c414889550db18000435abb5a1deba6356550613b413f080dcc09cb8534
• Instruction ID: 9908c58d46c1c38e5fe5aa43c62263e3d4b0390a5465d131d9aecba359e4fa0e
• Opcode Fuzzy Hash: c8176c414889550db18000435abb5a1deba6356550613b413f080dcc09cb8534
• Instruction Fuzzy Hash: F15170B2709782A6EA649F26E444AAE7760FB44FC4F548131EE8E87B65CF3CE155C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_mallocR_put_error$O_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_dtls.c$R
                                                                                                                                                                                                                              • API String ID: 1091011155-469809446
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlCaptureContext.KERNEL32 ref: 61D40424
                                                                                                                                                                                                                              • RtlLookupFunctionEntry.KERNEL32 ref: 61D4043B
                                                                                                                                                                                                                              • RtlVirtualUnwind.KERNEL32 ref: 61D4047D
                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32 ref: 61D404C1
                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32 ref: 61D404CE
                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 61D404D4
                                                                                                                                                                                                                              • TerminateProcess.KERNEL32 ref: 61D404E2
                                                                                                                                                                                                                              • abort.MSVCRT ref: 61D404E8
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtualabort
                                                                                                                                                                                                                              • String ID: Jzkx;
                                                                                                                                                                                                                              • API String ID: 4278921479-166890614
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: log2$memset
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3759962277-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: exitmemset
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2099101326-2920267241
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • EVP_PKEY_get0_RSA.LIBCRYPTO-1_1(?,?,?,?,00007FFB0BC8237A), ref: 00007FFB0BC80B8A
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Y_get0_
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                                              • API String ID: 2256133966-348624464
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memset$log2
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3851851888-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memset$log2
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3851851888-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memset$log2
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3851851888-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_ctrl
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3605655398-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_reallocR_put_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                              • API String ID: 1389097454-1080266419
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • log2.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FFB0BA5E341
                                                                                                                                                                                                                              • log2.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FFB0BA5E3C5
                                                                                                                                                                                                                              • log2.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FFB0BA5E551
                                                                                                                                                                                                                              • log2.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FFB0BA5E5B0
                                                                                                                                                                                                                              • log2.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FFB0BA5E600
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: log2
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4048861018-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_free$O_newO_s_fileO_strdupR_clear_errorR_put_errorX509_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_conf.c$gfffffff
                                                                                                                                                                                                                              • API String ID: 3738848979-4123734156
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • ../src/platforms/windows/hdinfo.c, xrefs: 61CD2820
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                                                              • String ID: ../src/platforms/windows/hdinfo.c
                                                                                                                                                                                                                              • API String ID: 1365068426-2451707101
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: log2$memset
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3759962277-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: log2$memset
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3759962277-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                              • API String ID: 2581946324-1507966698
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_freeO_strdup
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_conf.c
                                                                                                                                                                                                                              • API String ID: 2148955802-1527728938
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_freeO_memdup
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                              • API String ID: 3962629258-2868363209
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                                              • API String ID: 2581946324-1165805907
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_freeO_strndup
                                                                                                                                                                                                                              • String ID: D:\a\1\s\ssl\packet_local.h
                                                                                                                                                                                                                              • API String ID: 2641571835-373350680
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                                              • API String ID: 2581946324-1165805907
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: NtSetInformationThread$ntdll.dll
                                                                                                                                                                                                                              • API String ID: 0-3743287242
                                                                                                                                                                                                                              • Opcode ID: 44ff21734f2ff3973436570afbf4a4f696a535759bc606b7929e125bc87f373a
                                                                                                                                                                                                                              • Instruction ID: 7dd1e9d1e115df134ad7c334bd20a3f6430adc344937807bc8e558ee08b7fcc7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 44ff21734f2ff3973436570afbf4a4f696a535759bc606b7929e125bc87f373a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EEF01C31314A4895EB60DB56FC8038927A1F38CB84F480225D98C83774DF3EC651CB40
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: df1776b9609a1a5930733c7ec6af33de0207b8f0bef9b3e78ca7bf489d44b57c
                                                                                                                                                                                                                              • Instruction ID: 4b0fe27ade4d74af5ae42047f4b5d46a224c168b2ecabc83e0e81d94ce0455ab
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: df1776b9609a1a5930733c7ec6af33de0207b8f0bef9b3e78ca7bf489d44b57c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 09D05EE3A5EFC16AE3035FB4AC29B5A2F2443E3541F8BC19AD29557163A95C54068321
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 5ef87f82fbfebd99247f37b5908a0d7ce27eb74ca9d59a6c86a4a0b91d50cb10
                                                                                                                                                                                                                              • Instruction ID: 76618c5bb4a55d08d86c6a0eb53039d544587aa8fdff3f88cff7f6caa375ec72
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5ef87f82fbfebd99247f37b5908a0d7ce27eb74ca9d59a6c86a4a0b91d50cb10
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8EA00232A5AC14E1D2005B00E8017E05179D317700F093121481C51011856D80544184
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61CD359E
                                                                                                                                                                                                                                • Part of subcall function 61CD31B0: strlen.MSVCRT ref: 61CD31D3
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 61CD35D7
                                                                                                                                                                                                                                • Part of subcall function 61CD33D0: strlen.MSVCRT ref: 61CD33EA
                                                                                                                                                                                                                              • fputc.MSVCRT ref: 61CD3609
                                                                                                                                                                                                                                • Part of subcall function 61CD2850: GetProcessHeap.KERNEL32 ref: 61CD2873
                                                                                                                                                                                                                                • Part of subcall function 61CD2850: HeapAlloc.KERNEL32 ref: 61CD2887
                                                                                                                                                                                                                                • Part of subcall function 61CD2850: GetAdaptersAddresses.IPHLPAPI ref: 61CD28AC
                                                                                                                                                                                                                                • Part of subcall function 61CD2850: GetProcessHeap.KERNEL32 ref: 61CD291F
                                                                                                                                                                                                                                • Part of subcall function 61CD2850: HeapFree.KERNEL32 ref: 61CD2929
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 61CD3638
                                                                                                                                                                                                                                • Part of subcall function 61CD2660: GetProcessHeap.KERNEL32 ref: 61CD2681
                                                                                                                                                                                                                                • Part of subcall function 61CD2660: HeapAlloc.KERNEL32 ref: 61CD2696
                                                                                                                                                                                                                                • Part of subcall function 61CD2660: memcpy.MSVCRT ref: 61CD270C
                                                                                                                                                                                                                                • Part of subcall function 61CD2660: GetProcessHeap.KERNEL32 ref: 61CD272A
                                                                                                                                                                                                                                • Part of subcall function 61CD2660: HeapFree.KERNEL32 ref: 61CD2735
                                                                                                                                                                                                                              • fputc.MSVCRT ref: 61CD366B
                                                                                                                                                                                                                                • Part of subcall function 61CD29E0: GetProcessHeap.KERNEL32 ref: 61CD2A03
                                                                                                                                                                                                                                • Part of subcall function 61CD29E0: HeapAlloc.KERNEL32 ref: 61CD2A17
                                                                                                                                                                                                                                • Part of subcall function 61CD29E0: GetAdaptersAddresses.IPHLPAPI ref: 61CD2A3F
                                                                                                                                                                                                                                • Part of subcall function 61CD29E0: inet_ntoa.WS2_32 ref: 61CD2A77
                                                                                                                                                                                                                                • Part of subcall function 61CD29E0: GetProcessHeap.KERNEL32 ref: 61CD2A92
                                                                                                                                                                                                                                • Part of subcall function 61CD29E0: HeapFree.KERNEL32 ref: 61CD2A9C
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 61CD369A
                                                                                                                                                                                                                              • fputc.MSVCRT ref: 61CD36AE
                                                                                                                                                                                                                                • Part of subcall function 61CD2DE0: GetProcessHeap.KERNEL32 ref: 61CD2DFB
                                                                                                                                                                                                                                • Part of subcall function 61CD2DE0: HeapAlloc.KERNEL32 ref: 61CD2E0F
                                                                                                                                                                                                                                • Part of subcall function 61CD2DE0: GetNetworkParams.IPHLPAPI ref: 61CD2E47
                                                                                                                                                                                                                                • Part of subcall function 61CD2DE0: GetProcessHeap.KERNEL32 ref: 61CD2E69
                                                                                                                                                                                                                                • Part of subcall function 61CD2DE0: HeapFree.KERNEL32 ref: 61CD2E73
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 61CD36DD
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61CD36FE
                                                                                                                                                                                                                              • strchr.MSVCRT ref: 61CD372B
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61CD3763
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 61CD378B
                                                                                                                                                                                                                              • strchr.MSVCRT ref: 61CD3798
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 61CD37B9
                                                                                                                                                                                                                              • fputc.MSVCRT ref: 61CD37D2
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61CD37F3
                                                                                                                                                                                                                              • malloc.MSVCRT ref: 61CD37FD
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61CD3B97
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61CD3BB8
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61CD3BD9
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61CD3BFA
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Failed to get mac address., xrefs: 61CD3BA3
                                                                                                                                                                                                                              • %02x:, xrefs: 61CD3AAE
                                                                                                                                                                                                                              • Default Mac address: "%s", xrefs: 61CD362B
                                                                                                                                                                                                                              • Multiple Mac addresses: "<, xrefs: 61CD37DE
                                                                                                                                                                                                                              • >", xrefs: 61CD3B57
                                                                                                                                                                                                                              • Serial number of default harddisk: "%s", xrefs: 61CD35CA
                                                                                                                                                                                                                              • Ip address: "%s", xrefs: 61CD368D
                                                                                                                                                                                                                              • Failed to get domain name., xrefs: 61CD3BE5
                                                                                                                                                                                                                              • Change logsv6.2.0(r21): Remove trailing dot from harddisk serial numberv6.4.2(r34): Support binding multiple mac addressesv6.5.3(r37): Support binding named harddiskv6.7.5(r45): Support mmc/sd card in Linux, xrefs: 61CD36E9
                                                                                                                                                                                                                              • %02x, xrefs: 61CD3B0D
                                                                                                                                                                                                                              • Failed to get harddisk information., xrefs: 61CD3B82
                                                                                                                                                                                                                              • Hardware informations got by PyArmor:, xrefs: 61CD3586
                                                                                                                                                                                                                              • Serial number with disk name: , xrefs: 61CD374E
                                                                                                                                                                                                                              • Failed to get ip address., xrefs: 61CD3BC4
                                                                                                                                                                                                                              • Domain name: "%s", xrefs: 61CD36D0
                                                                                                                                                                                                                              • "%s", xrefs: 61CD376D, 61CD37AC
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Processfwrite$fprintf$AllocFreefputc$AdaptersAddressesstrchrstrlen$NetworkParamsinet_ntoamallocmemcpy
                                                                                                                                                                                                                              • String ID: "%s"$Change logsv6.2.0(r21): Remove trailing dot from harddisk serial numberv6.4.2(r34): Support binding multiple mac addressesv6.5.3(r37): Support binding named harddiskv6.7.5(r45): Support mmc/sd card in Linux$%02x$%02x:$>"$Default Mac address: "%s"$Domain name: "%s"$Failed to get domain name.$Failed to get harddisk information.$Failed to get ip address.$Failed to get mac address.$Hardware informations got by PyArmor:$Ip address: "%s"$Multiple Mac addresses: "<$Serial number of default harddisk: "%s"$Serial number with disk name:
                                                                                                                                                                                                                              • API String ID: 3427000353-3771683696
                                                                                                                                                                                                                              • Opcode ID: 1cb2a9057d3561845ba2c116d12d60171105c6080ccf3f43278611e0ae2cae7e
                                                                                                                                                                                                                              • Instruction ID: 70830e5f0fa44e062a6ca1230464fe1aad51617140ffd3458f92ca08d60caf46
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1cb2a9057d3561845ba2c116d12d60171105c6080ccf3f43278611e0ae2cae7e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2902DBB2705B8086EB50CBA6E45139E77A2F789BD4F08922ACF9D47794EF39C051CB11
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$ioctlsockettoupper$Cleanupstrstr$closesocketgethostbynamememcmp$Startup_mktime64connecthtonsrecvselectsendsocketstrchr
                                                                                                                                                                                                                              • String ID: Dec$HEAD /%s HTTP/1.1Host: %sUser-Agent: PYARMOR.COREConnection: close$Nov$and,$http://$or,
                                                                                                                                                                                                                              • API String ID: 3493847099-1714119496
                                                                                                                                                                                                                              • Opcode ID: 09abbbf94266815d4de85c1b699209a521172ab132b339a5765da79f4a0ecc6a
                                                                                                                                                                                                                              • Instruction ID: a72bfaf24faa03f4997299a80f4da17f46208d91d52b480b066052d9591d71ad
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 09abbbf94266815d4de85c1b699209a521172ab132b339a5765da79f4a0ecc6a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20E1D132A09AC1D1E711CBA5E4407AE7BB1F385B98F48C226CB6947B98FB3DD146C741
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcpy$D_sizeX_newX_reset$L_cleanseO_ctrl
                                                                                                                                                                                                                              • String ID: ..\s\ssl\tls13_enc.c$CLIENT_EARLY_TRAFFIC_SECRET$CLIENT_HANDSHAKE_TRAFFIC_SECRET$CLIENT_TRAFFIC_SECRET_0$EARLY_EXPORTER_SECRET$EXPORTER_SECRET$SERVER_HANDSHAKE_TRAFFIC_SECRET$SERVER_TRAFFIC_SECRET_0$c ap traffic$c e traffic$c hs traffic$e exp master$exp master$finished$res master$s ap traffic$s hs traffic
                                                                                                                                                                                                                              • API String ID: 804632375-2823458745
                                                                                                                                                                                                                              • Opcode ID: 10a871ee4789da1238021743094fe44da3fee0b4ed5f17071a15f399aa217030
                                                                                                                                                                                                                              • Instruction ID: a39f51e47c0dcd2c28253337ea10630552e5a93c97062f3b2abc2876b821269a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 10a871ee4789da1238021743094fe44da3fee0b4ed5f17071a15f399aa217030
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 57228CB1A08B42B6EA209B71E940BAD77A4FB44788F448136EA4E87B75DF3CE551C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyTuple_Size.PYTHON310 ref: 61CC82A1
                                                                                                                                                                                                                              • PyTuple_New.PYTHON310 ref: 61CC82AD
                                                                                                                                                                                                                              • _PyObject_LookupAttr.PYTHON310 ref: 61CC830F
                                                                                                                                                                                                                              • _PyObject_GetAttrId.PYTHON310 ref: 61CC8323
                                                                                                                                                                                                                              • PyModule_GetFilenameObject.PYTHON310 ref: 61CC834F
                                                                                                                                                                                                                              • PyUnicode_FromString.PYTHON310 ref: 61CC835F
                                                                                                                                                                                                                              • _PyErr_Clear.PYTHON310 ref: 61CC8399
                                                                                                                                                                                                                              • PyErr_SetImportError.PYTHON310 ref: 61CC83BF
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CC83DE
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • cannot import name %R from %R (unknown location), xrefs: 61CC83A5
                                                                                                                                                                                                                              • cannot import name %R from partially initialized module %R (most likely due to a circular import) (%S), xrefs: 61CC8505
                                                                                                                                                                                                                              • %U.%U, xrefs: 61CC8432
                                                                                                                                                                                                                              • <unknown module name>, xrefs: 61CC8358
                                                                                                                                                                                                                              • cannot import name %R from %R (%S), xrefs: 61CC84EA
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AttrErr_Object_Tuple_$ClearDeallocErrorFilenameFromImportLookupModule_ObjectSizeStringUnicode_
                                                                                                                                                                                                                              • String ID: %U.%U$<unknown module name>$cannot import name %R from %R (%S)$cannot import name %R from %R (unknown location)$cannot import name %R from partially initialized module %R (most likely due to a circular import) (%S)
                                                                                                                                                                                                                              • API String ID: 597108667-3215622635
                                                                                                                                                                                                                              • Opcode ID: 1d01639cebfca87aad6507c8a55bc06ae9ad0b57a0cda341e4a785c28dc79153
                                                                                                                                                                                                                              • Instruction ID: 846dc7c2789a564130c25b8b1403b30798470c5fd7b3d57aea14c81f159b1c7d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1d01639cebfca87aad6507c8a55bc06ae9ad0b57a0cda341e4a785c28dc79153
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 90719632606A84E5EA05CFA6A858B9F77A2B786FD4F0C8024DE4E07724EF3DC565D341
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • bad marshal data (unnormalized long data), xrefs: 61CCB56D
                                                                                                                                                                                                                              • bad marshal data (long size out of range), xrefs: 61CCB4CC
                                                                                                                                                                                                                              • bad marshal data (digit out of range in long), xrefs: 61CCA1C0
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Occurred$Long_String
                                                                                                                                                                                                                              • String ID: bad marshal data (digit out of range in long)$bad marshal data (long size out of range)$bad marshal data (unnormalized long data)
                                                                                                                                                                                                                              • API String ID: 3688822742-2912230410
                                                                                                                                                                                                                              • Opcode ID: 192796dbefc56ede9b18ce28a6c2ebdc212bb3e6c9299d6dd94916cbefc70d92
                                                                                                                                                                                                                              • Instruction ID: 9052dcdaeb30962fd71599a883db609cd0d780bc1c26a7a571b9d2dab01d84d9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 192796dbefc56ede9b18ce28a6c2ebdc212bb3e6c9299d6dd94916cbefc70d92
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D5A14736206B90C6EA10CBAAD58475E73A2F785F84F19C115CE9E47714EF38E859CB81
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
• Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fwrite$Err_MemoryPy_hashtable_destroyPy_hashtable_new_full
                                                                                                                                                                                                                              • String ID: too many objects
                                                                                                                                                                                                                              • API String ID: 3535940709-4209268247
                                                                                                                                                                                                                              • Opcode ID: 072791276c24e4448f3269e92f613d27efc05ce62c5ecea9f5eda95fc2d141ee
                                                                                                                                                                                                                              • Instruction ID: ed4aab8f95326541c3ba7e33ba32342ff73df5dade6b831cb5f249b6d96c7789
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 072791276c24e4448f3269e92f613d27efc05ce62c5ecea9f5eda95fc2d141ee
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D127D32209B84C6DB00CB9AE44179EBFA0F386BD0F548116EA9D07B68EB7DD455CB42
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • missing required positional arguments, xrefs: 61CD1E41
                                                                                                                                                                                                                              • missing kwonly required arguments, xrefs: 61CD20CA
                                                                                                                                                                                                                              • too many positional arguments, xrefs: 61CD2134
                                                                                                                                                                                                                              • Can't remove argname from kwargs, xrefs: 61CD1F26
                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
• Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dict_Err_ItemString$DeallocTuple_
                                                                                                                                                                                                                              • String ID: Can't remove argname from kwargs$missing kwonly required arguments$missing required positional arguments$too many positional arguments
                                                                                                                                                                                                                              • API String ID: 2174600326-1903473336
                                                                                                                                                                                                                              • Opcode ID: d3dba25277e8a6c7e83277ad3c4a6ba8b65aef718266c3b2fd206c8b46e4a09e
                                                                                                                                                                                                                              • Instruction ID: 3b094aa62efd5e344aa4d6f53361da9261d7521f0de528d7bf5b3be55a108304
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d3dba25277e8a6c7e83277ad3c4a6ba8b65aef718266c3b2fd206c8b46e4a09e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 15B13A72A45B84C1EB269FA9E85439E7776F785BA4F188211CF6D03B68EF39C095C301
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • not enough values to unpack (expected %d, got %d), xrefs: 61CD0B2D
                                                                                                                                                                                                                              • too many values to unpack (expected %d), xrefs: 61CD0A64
                                                                                                                                                                                                                              • cannot unpack non-iterable %.200s object, xrefs: 61CD0B01
                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
• Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$DeallocFormatIter_Next$CheckExceptionIterMatchesObject_OccurredSequence_
                                                                                                                                                                                                                              • String ID: cannot unpack non-iterable %.200s object$not enough values to unpack (expected %d, got %d)$too many values to unpack (expected %d)
                                                                                                                                                                                                                              • API String ID: 2492064420-2953850414
                                                                                                                                                                                                                              • Opcode ID: fe2cb6f2749073ae5222a0c3e1dd4c278759d1a17c65bec1c8ad99c02bb32464
                                                                                                                                                                                                                              • Instruction ID: 688ce6252d478ce979eb353606bfd7547f376596185337da579519863100f07e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe2cb6f2749073ae5222a0c3e1dd4c278759d1a17c65bec1c8ad99c02bb32464
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08619C32B06A84D2EA058F6EE85439D37B1F749B99F098612CF1E83724EF39C0A5C340
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
• Associated: 00000003.00000002.2630220745.00007FFB0BA30000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630327470.00007FFB0BAF7000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630343984.00007FFB0BAF8000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Module_$Constant$Object$ReadyType_$Create2Err_ExceptionString
                                                                                                                                                                                                                              • String ID: %d.%d.%d$Compressor$Decompressor$MODE_FONT$MODE_GENERIC$MODE_TEXT$__version__$brotli.error$error
                                                                                                                                                                                                                              • API String ID: 85873462-3709432877
                                                                                                                                                                                                                              • Opcode ID: c527ea57f1a6fa79dc78c15721b8764123cc718b26bb66bf4bdf31074b340112
                                                                                                                                                                                                                              • Instruction ID: 1d31d67f51e2f07c1c563cd8bf595eb55bb987b85e1a6c402930bdc1c4236589
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c527ea57f1a6fa79dc78c15721b8764123cc718b26bb66bf4bdf31074b340112
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6531F9A1E18A0392FA059F71E864AB52361FF59B84F849032DD0FC6A74EF3CE549C740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CCA2B4
                                                                                                                                                                                                                              • PyThreadState_Get.PYTHON310 ref: 61CCAA73
                                                                                                                                                                                                                              • _Py_CheckFunctionResult.PYTHON310 ref: 61CCAABE
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • NULL object in marshal data for set, xrefs: 61CCB6B2
                                                                                                                                                                                                                              • bad marshal data (set size out of range), xrefs: 61CCB204
                                                                                                                                                                                                                              • bad marshal data (index list too large), xrefs: 61CCB707
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CheckErr_FunctionOccurredResultState_Thread
                                                                                                                                                                                                                              • String ID: NULL object in marshal data for set$bad marshal data (index list too large)$bad marshal data (set size out of range)
                                                                                                                                                                                                                              • API String ID: 3239669425-600355161
                                                                                                                                                                                                                              • Opcode ID: 6966b5a4f492ad5c447b097c62582c69bb00ca4d9ddb40f0a3e017ff77267a8d
                                                                                                                                                                                                                              • Instruction ID: 1eb1d6ca7885e91470581e5bf97e86a8644e5a3f277157bfaf0dbd5e46ccf62d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6966b5a4f492ad5c447b097c62582c69bb00ca4d9ddb40f0a3e017ff77267a8d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 04716E31205B84C2EA64CBAAE44875E37A2F785F94F08C519CD6E07764FF39C858C782
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fwrite$Err_String
                                                                                                                                                                                                                              • String ID: too many objects
                                                                                                                                                                                                                              • API String ID: 4210527972-4209268247
                                                                                                                                                                                                                              • Opcode ID: ab538bb19e1f1bc414fd6b896064fc33ca10a26fd2367afd18da7291b42768a6
                                                                                                                                                                                                                              • Instruction ID: c675d4aba6397622fd26a9bab8be20c2511ff2fb7e6e8672a75657d89d28086c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ab538bb19e1f1bc414fd6b896064fc33ca10a26fd2367afd18da7291b42768a6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7E126FB2201B84C6DB14CFAAD04178D7BB1F746FE8F548216CA6D57758EB39C9A2C381
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _PyFloat_Unpack8.PYTHON310 ref: 61CC8821
                                                                                                                                                                                                                              • PyBuffer_FillInfo.PYTHON310 ref: 61CC8876
                                                                                                                                                                                                                              • PyMemoryView_FromBuffer.PYTHON310 ref: 61CC8884
                                                                                                                                                                                                                              • _PyObject_CallMethodId_SizeT.PYTHON310 ref: 61CC88A4
                                                                                                                                                                                                                              • PyNumber_AsSsize_t.PYTHON310 ref: 61CC88C3
                                                                                                                                                                                                                              • PyErr_SetString.PYTHON310 ref: 61CC89F1
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • marshal data too short, xrefs: 61CC89E7
                                                                                                                                                                                                                              • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61CC89C5
                                                                                                                                                                                                                              • EOF read where not expected, xrefs: 61CC8952
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: BufferBuffer_CallErr_FillFloat_FromInfoMemoryMethodNumber_Object_SizeSsize_tStringUnpack8View_
                                                                                                                                                                                                                              • String ID: EOF read where not expected$marshal data too short$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                                                              • API String ID: 3670709071-4172231876
                                                                                                                                                                                                                              • Opcode ID: 5953b7188b458796bec9ddd9ceeaae1fcaf63df668c975a6eba10f85afc1e8d2
                                                                                                                                                                                                                              • Instruction ID: 2b5349b9d9ddfca7ebf6e2f708b049a935310588ad32c63c411f64716e6d45fc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5953b7188b458796bec9ddd9ceeaae1fcaf63df668c975a6eba10f85afc1e8d2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF517431316A00C1EB059FAAE840B9E3371F745FE9F488215C92D477A8EF39C899D382
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_Format_time64
                                                                                                                                                                                                                              • String ID: %s (%d:%d)$*DOMAIN:$*HARDDISK:$*IFIPV4:$*IFIPV6:$*IFMAC:$*MID:$9$N+
                                                                                                                                                                                                                              • API String ID: 3213601273-243345976
                                                                                                                                                                                                                              • Opcode ID: a1d82c480142157980b356fb9d39d517d3fc47aba4f216445493419fe1ec8879
                                                                                                                                                                                                                              • Instruction ID: 58c30c1de830392695638108277f9645988f45368220b0d205fdd87ce4128200
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a1d82c480142157980b356fb9d39d517d3fc47aba4f216445493419fe1ec8879
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4271C232745694C6FB018F75D49039D3B72F781F99F4CC212DAA80B794EB2AC956C712
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyBuffer_FillInfo.PYTHON310 ref: 61CC8AA6
                                                                                                                                                                                                                              • PyMemoryView_FromBuffer.PYTHON310 ref: 61CC8AB4
                                                                                                                                                                                                                              • _PyObject_CallMethodId_SizeT.PYTHON310 ref: 61CC8AD4
                                                                                                                                                                                                                              • PyNumber_AsSsize_t.PYTHON310 ref: 61CC8AF3
                                                                                                                                                                                                                              • PyErr_SetString.PYTHON310 ref: 61CC8C21
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • marshal data too short, xrefs: 61CC8C17
                                                                                                                                                                                                                              • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61CC8BF5
                                                                                                                                                                                                                              • EOF read where not expected, xrefs: 61CC8B82
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: BufferBuffer_CallErr_FillFromInfoMemoryMethodNumber_Object_SizeSsize_tStringView_
                                                                                                                                                                                                                              • String ID: EOF read where not expected$marshal data too short$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyBuffer_FillInfo.PYTHON310 ref: 61CC8E02
                                                                                                                                                                                                                              • PyMemoryView_FromBuffer.PYTHON310 ref: 61CC8E10
                                                                                                                                                                                                                              • _PyObject_CallMethodId_SizeT.PYTHON310 ref: 61CC8E30
                                                                                                                                                                                                                              • PyNumber_AsSsize_t.PYTHON310 ref: 61CC8E52
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CC8E6B
                                                                                                                                                                                                                              • PyErr_Format.PYTHON310 ref: 61CC8E9A
                                                                                                                                                                                                                              • PyErr_SetString.PYTHON310 ref: 61CC8F43
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • marshal data too short, xrefs: 61CC8F37
                                                                                                                                                                                                                              • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61CC8E90
                                                                                                                                                                                                                              • EOF read where not expected, xrefs: 61CC8F17
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$BufferBuffer_CallFillFormatFromInfoMemoryMethodNumber_Object_OccurredSizeSsize_tStringView_
                                                                                                                                                                                                                              • String ID: EOF read where not expected$marshal data too short$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dealloc$CallCheckErr_Object_Signals
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DeallocSizeString$Arg_Buffer_Bytes_Err_FromKeywords_List_ParseReleaseTuplefreemalloc
                                                                                                                                                                                                                              • String ID: BrotliDecompress failed$y*|:decompress
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Too small size, xrefs: 61CD29A0
                                                                                                                                                                                                                              • %02x:%02x:%02x:%02x:%02x:%02x, xrefs: 61CD28E9
                                                                                                                                                                                                                              • ../src/platforms/windows/hdinfo.c, xrefs: 61CD29A7
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Process$AdaptersAddressesAllocFree
                                                                                                                                                                                                                              • String ID: %02x:%02x:%02x:%02x:%02x:%02x$../src/platforms/windows/hdinfo.c$Too small size
                                                                                                                                                                                                                              • API String ID: 1283795797-3992030336
                                                                                                                                                                                                                              • Opcode ID: 28b741a99f7261f51883bf318de66afc32225d72aa7120d1a0b8f8e9456b4b24
                                                                                                                                                                                                                              • Instruction ID: cc247c1afe25794d4e03ce20905666fbc3378b04d95cca62958e6e8b3e98b663
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 28b741a99f7261f51883bf318de66afc32225d72aa7120d1a0b8f8e9456b4b24
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7831EB227055918AD721DBBBAC1076EBB92FB89BD4F088126AE6C83794FF3CC141D750
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Invalid type for op_build, xrefs: 61CD07CC
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: List_$DeallocDict_$ExtendTuple_Update
                                                                                                                                                                                                                              • String ID: Invalid type for op_build
                                                                                                                                                                                                                              • API String ID: 3794787204-1006902009
                                                                                                                                                                                                                              • Opcode ID: 7e77342aa9cbcc8bd41e1988bfb5005c4bd609e4d6c17d9bfdf0e27322b9733a
                                                                                                                                                                                                                              • Instruction ID: 0e728dde6b8c332d667d89005810a0f758e26f9c1410ef71bb9a777c29456398
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7e77342aa9cbcc8bd41e1988bfb5005c4bd609e4d6c17d9bfdf0e27322b9733a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E51A172F45A04C1FE158BADA95039E27A1AB85BD4F99C016CF19C7714FE3EC066C744
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Too many format strings, xrefs: 61CD1A5D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dealloc$Err_FormatObject_StringUnicode_
                                                                                                                                                                                                                              • String ID: Too many format strings
                                                                                                                                                                                                                              • API String ID: 3094464462-2091874682
                                                                                                                                                                                                                              • Opcode ID: a705662501f43c819613764881bd771d26779ffa5ebd9b20d4251b7b3115279a
                                                                                                                                                                                                                              • Instruction ID: 4057101ab3f4cc9149257db631a78edf69700d5526fc5087cd0b324b24e3b287
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a705662501f43c819613764881bd771d26779ffa5ebd9b20d4251b7b3115279a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 00516D72A49A44E1EA198FAEA9843AD73B2B785BC4F088125CB5E47B14FF3DC165C341
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyEval_GetFrame.PYTHON310 ref: 61CC1A3E
                                                                                                                                                                                                                              • PyUnicode_AsUTF8.PYTHON310 ref: 61CC1A98
                                                                                                                                                                                                                              • PyModule_GetDict.PYTHON310 ref: 61CC1AAF
                                                                                                                                                                                                                              • PyDict_GetItemString.PYTHON310 ref: 61CC1AC8
                                                                                                                                                                                                                              • PyCFunction_GetSelf.PYTHON310 ref: 61CC1AD6
                                                                                                                                                                                                                              • PyErr_Format.PYTHON310 ref: 61CC1B3C
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DictDict_Err_Eval_FormatFrameFunction_ItemModule_SelfStringUnicode_
                                                                                                                                                                                                                              • String ID: %s (%d:%d)$__dict__$__pyarmor__$protection exception (%d)
                                                                                                                                                                                                                              • API String ID: 3372622024-629680938
                                                                                                                                                                                                                              • Opcode ID: 6bfe40150e7f323fbba23a91d001a579904c506e38e2ed717feda4512c651a80
                                                                                                                                                                                                                              • Instruction ID: 234c18b7cfe7fc8ade27eb0f60418ada055488fb65bed6bb59210fad97f64f17
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6bfe40150e7f323fbba23a91d001a579904c506e38e2ed717feda4512c651a80
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E2515C76701A44D1FF058FABE8507A82BB2EB88FD4F498426CE1D07765EE39C895C741
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dealloc$ItemMethod_Tuple_$BuildFunction_NameQualSubtypeType_ValueWith
                                                                                                                                                                                                                              • String ID: (O)
                                                                                                                                                                                                                              • API String ID: 593819998-4232840684
                                                                                                                                                                                                                              • Opcode ID: f996168bd4447b76efc63ff61f3011959f01f199160fab59cd60a4f5e19290e4
                                                                                                                                                                                                                              • Instruction ID: fa29925a19540fc8f03d9aafb25c8a1fb30cb968d1d36d36746d9991aa1e33fb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f996168bd4447b76efc63ff61f3011959f01f199160fab59cd60a4f5e19290e4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4251A032A46A50D2EA168FB6A974B9E77B1FB46B94F48C114CF5B06B14FF39C054C340
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • NULL object in marshal data for object, xrefs: 61CCF344
                                                                                                                                                                                                                              • XXX readobject called with exception set, xrefs: 61CCF36D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Mem_$Free$Err_FromList_MallocMarshal_ObjectOccurredPy_fstat_noraiseReadStringfread
                                                                                                                                                                                                                              • String ID: NULL object in marshal data for object$XXX readobject called with exception set
                                                                                                                                                                                                                              • API String ID: 149595394-3392712392
                                                                                                                                                                                                                              • Opcode ID: 101779795f61d800918a771dc5683649c7a9ea3139cc4827061a833edcdae384
                                                                                                                                                                                                                              • Instruction ID: 1b5d004c1532a33441219fd3cdabc34ff390500a99e55cc5875ead301bf4bff3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 101779795f61d800918a771dc5683649c7a9ea3139cc4827061a833edcdae384
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E31AD31306B40C9FA068BA6E8047AD67A2AB86FD8F0C8135DE0E57754FF3DC4968741
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630220745.00007FFB0BA30000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630327470.00007FFB0BAF7000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630343984.00007FFB0BAF8000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DeallocSizeString$Arg_Buffer_Bytes_Err_FromList_ParseReleaseTuple_
                                                                                                                                                                                                                              • String ID: BrotliDecoderDecompressStream failed while processing the stream$y*:process
                                                                                                                                                                                                                              • API String ID: 2327171786-3378180327
                                                                                                                                                                                                                              • Opcode ID: 0409f8f06fc8815c48b07b2be836251baa69eb390988694566013f5be1359561
                                                                                                                                                                                                                              • Instruction ID: 1e090236940f5db07109485313c6768cb29bc93e1ff60d0ea4f48a4ea8c77e5b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0409f8f06fc8815c48b07b2be836251baa69eb390988694566013f5be1359561
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C95128B2F09B4689EB119F75E4507A963A4FB58B88F448036DE4EA7B68EF3CD454C340
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyBuffer_FillInfo.PYTHON310 ref: 61CC8623
                                                                                                                                                                                                                              • PyMemoryView_FromBuffer.PYTHON310 ref: 61CC8635
                                                                                                                                                                                                                              • _PyObject_CallMethodId_SizeT.PYTHON310 ref: 61CC8659
                                                                                                                                                                                                                              • PyNumber_AsSsize_t.PYTHON310 ref: 61CC867B
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CC86A4
                                                                                                                                                                                                                              • PyErr_Format.PYTHON310 ref: 61CC86CF
                                                                                                                                                                                                                              • PyMem_Realloc.PYTHON310 ref: 61CC8703
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CC8748
                                                                                                                                                                                                                              • PyMem_Malloc.PYTHON310 ref: 61CC8773
                                                                                                                                                                                                                              • PyErr_NoMemory.PYTHON310 ref: 61CC8785
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61CC86BF
                                                                                                                                                                                                                              • EOF read where not expected, xrefs: 61CC8727
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Mem_Memory$BufferBuffer_CallDeallocFillFormatFromInfoMallocMethodNumber_Object_OccurredReallocSizeSsize_tView_
                                                                                                                                                                                                                              • String ID: EOF read where not expected$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                                                              • API String ID: 3190434935-3742967138
                                                                                                                                                                                                                              • Opcode ID: e485536d73254d4dafb8dc8a6effd36bb5055c745d6a8ed464dceacf089cae48
                                                                                                                                                                                                                              • Instruction ID: 66854aef6b41a143c7d4d2bc4d79bf138f9a3d6f5aed3cce6501f806c3591011
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e485536d73254d4dafb8dc8a6effd36bb5055c745d6a8ed464dceacf089cae48
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E2418671301A04C5FB019BA6E94479E23A2B744FE8F488225CD2D57798FF3DC4AAD341
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: callocfree
                                                                                                                                                                                                                              • String ID: A != NULL$B != NULL$C != NULL$P != NULL$kA != NULL$kB != NULL$modulus != NULL$src/pk/ecc/ltc_ecc_map.c$src/pk/ecc/ltc_ecc_mul2add.c
                                                                                                                                                                                                                              • API String ID: 306872129-190324370
                                                                                                                                                                                                                              • Opcode ID: 4f33e5c8c7e94fbc85b603ddba97134baa48ed7034416edd1c7fef7426683878
                                                                                                                                                                                                                              • Instruction ID: 3fc0ff90f08d2cbb04bd90e17459d14aee17383ab2978256765229971bc2a3ca
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f33e5c8c7e94fbc85b603ddba97134baa48ed7034416edd1c7fef7426683878
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7DC18C32A04A90C6EB60DFA6E8447DEA7A5F788BD4F498026DF8997708FF78C445C740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: File_errno$CloseCreateErrorHandleLastMappingView
                                                                                                                                                                                                                              • String ID: $@$@
                                                                                                                                                                                                                              • API String ID: 896588047-3743272326
                                                                                                                                                                                                                              • Opcode ID: 73e9286203a1371efb94ab06c35aaaace9818b0ebdf40b3641d022ac463382f6
                                                                                                                                                                                                                              • Instruction ID: 9d0c6e662f27f0adb30c3b4ed28945bc07b1d2a009d5b9b8aab0390a329bac50
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 73e9286203a1371efb94ab06c35aaaace9818b0ebdf40b3641d022ac463382f6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A413773A1166485F7618B96AC007896611BB9FBF4F498321EFB9573D0EB3CC844C780
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Restore$DeallocExceptionException_FetchNormalize$Back_ContextEval_FrameHereOccurredTraceTraceback
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4214459649-0
                                                                                                                                                                                                                              • Opcode ID: 827a9e5310f03d725a1cc348097ee629aec1fa18ce305dfd630c3ac3fe0b03ca
                                                                                                                                                                                                                              • Instruction ID: 03515608dbe7a3419fb4cdaae0eeafe47c680109f5e3acfd865b0f3bbf488c2f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 827a9e5310f03d725a1cc348097ee629aec1fa18ce305dfd630c3ac3fe0b03ca
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 07310576609BC594EA248BAAF84439FB772FB86BD4F488016DE8D43B28DF39C055C741
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Process$AdaptersAddressesAllocFree$inet_ntoa
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4108032510-0
                                                                                                                                                                                                                              • Opcode ID: f7741e468347a6813e1b085714e2c6c1d200df2b992c620632e7670310e4fb5c
                                                                                                                                                                                                                              • Instruction ID: 7f52c52bcfd25b07cf680e6e6dc553f6b05a83ae718cbc96506c2af767ff3ffb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f7741e468347a6813e1b085714e2c6c1d200df2b992c620632e7670310e4fb5c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0521262270165186EB24DBBBAC51B5E5692BBCABD4F09C236AE1D47394FF38D442C311
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 61CCF490: PyList_New.PYTHON310 ref: 61CCF4CB
                                                                                                                                                                                                                                • Part of subcall function 61CCF490: PyErr_Occurred.PYTHON310 ref: 61CCF4EA
                                                                                                                                                                                                                                • Part of subcall function 61CCF490: PyMem_Free.PYTHON310 ref: 61CCF518
                                                                                                                                                                                                                              • _PyDict_GetItemIdWithError.PYTHON310 ref: 61CCFF62
                                                                                                                                                                                                                              • PyThreadState_Get.PYTHON310 ref: 61CCFFC5
                                                                                                                                                                                                                              • _Py_CheckFunctionResult.PYTHON310 ref: 61CD000F
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CD0043
                                                                                                                                                                                                                              • _PyObject_MakeTpCall.PYTHON310 ref: 61CD009A
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CD00B0
                                                                                                                                                                                                                              • _PyLong_AsInt.PYTHON310 ref: 61CD00F3
                                                                                                                                                                                                                              • PyImport_ImportModuleLevelObject.PYTHON310 ref: 61CD011B
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CD014D
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dealloc$CallCheckDict_Err_ErrorFreeFunctionImportImport_ItemLevelList_Long_MakeMem_ModuleObjectObject_OccurredResultState_ThreadWith
                                                                                                                                                                                                                              • String ID: __import__ not found
                                                                                                                                                                                                                              • API String ID: 1209477609-2199325508
                                                                                                                                                                                                                              • Opcode ID: 66a0ee9e62915a33e384d2420619a203a31e69856dba532ad039ce2488dfedf4
                                                                                                                                                                                                                              • Instruction ID: 99020d0b4d098a0b6c2240efa479268f29d31c9c7fcf7f3126f77a6ca2c53b7f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 66a0ee9e62915a33e384d2420619a203a31e69856dba532ad039ce2488dfedf4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE516C32605B84E6EB458B6AE94039E67A1F749FE4F089126DF4E47B24EF3DD0A5C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: T_free$P_resp_count$E_freeL_sk_new_nullP_freeP_get1_ext_d2iP_resp_get0P_response_get1_basicR_put_errorX509_get_ext_d2id2i_
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2393059476-0
                                                                                                                                                                                                                              • Opcode ID: 76fd3bcacf334f1c2470ec69d84b8f21cf506a49e8396b11a5fe56694b7effb4
                                                                                                                                                                                                                              • Instruction ID: a822ade8bad2a3ddb1e1fbd2d16c5a4da95b4ad3b71929cb52086d18abd14145
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 76fd3bcacf334f1c2470ec69d84b8f21cf506a49e8396b11a5fe56694b7effb4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7C41A091B09B4762EE789AB6D051BBA6290DF44B80F048034DE4F87FE2DF6DE5408700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Process$Free$Alloc$AdaptersAddressesmemcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1739390247-0
                                                                                                                                                                                                                              • Opcode ID: f94046b673e90456833a2c6b0b51a98eb54aac873b12c4fef50b8f4abfc44559
                                                                                                                                                                                                                              • Instruction ID: 8f7451ac445a9fee388f9fa0f64ee5a43c27756b6e9bc6aef873cc50c0020706
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f94046b673e90456833a2c6b0b51a98eb54aac873b12c4fef50b8f4abfc44559
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FB31E7227016419AEB55DFBAA850BAE6792AB89BD4F4CC135EF1C47718FF38C582C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,?,?,?,?,?,61CC1278), ref: 61D4091D
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Unknown pseudo relocation protocol version %d., xrefs: 61D40A9E
                                                                                                                                                                                                                              • Unknown pseudo relocation bit size %d., xrefs: 61D40A8A
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                                                              • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
                                                                                                                                                                                                                              • API String ID: 544645111-395989641
                                                                                                                                                                                                                              • Opcode ID: a264bdf7196f54d9f9dcf3f5f7f68f46268d3144cc707cd2af501bcdc4cd9669
                                                                                                                                                                                                                              • Instruction ID: c7cec2f3225e14f290216b143f16967aab57fd3694b8c1ac251b3c72ff913722
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a264bdf7196f54d9f9dcf3f5f7f68f46268d3144cc707cd2af501bcdc4cd9669
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D916531B1024186FB108BB5C9807CE77A2BBA97E8F58C515CE99C7BA4EB3DD0928741
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freemallocmemcpystrchrstrlen
                                                                                                                                                                                                                              • String ID: and,$http://$local$or,
                                                                                                                                                                                                                              • API String ID: 3771145599-2506292620
                                                                                                                                                                                                                              • Opcode ID: 29f58867a350d69b995ed17f2467fb20027537f641024853693f2d1bf77cabfc
                                                                                                                                                                                                                              • Instruction ID: 6fc9e80909a871a0d05d91f6194abb6954bdcc42c5f85b0f82c43a015ac90e8d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 29f58867a350d69b995ed17f2467fb20027537f641024853693f2d1bf77cabfc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9931B625B06698D1FA118B92A90036E2B91A742BF8F8AC7158F3817FD4FB3AD057C311
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • NULL object in marshal data for list, xrefs: 61CCB635
                                                                                                                                                                                                                              • bad marshal data (list size out of range), xrefs: 61CCAF48
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_List_Occurred
                                                                                                                                                                                                                              • String ID: NULL object in marshal data for list$bad marshal data (list size out of range)
                                                                                                                                                                                                                              • API String ID: 1902535023-3453879413
                                                                                                                                                                                                                              • Opcode ID: a87cce3945d53ceaaec59dfc901a9f23f182f20f425b29dff9572d6452ab331e
                                                                                                                                                                                                                              • Instruction ID: 74d973b6c82713e991628c19c8cc0a34d2771ee9677d25c4354e1f793238afee
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a87cce3945d53ceaaec59dfc901a9f23f182f20f425b29dff9572d6452ab331e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B0313A71246B51C2EA158BAAE49475E33A6BB85F84F09C425CD0E07724FF39C899C742
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
• Associated: 00000003.00000002.2630562409.00007FFB0BC20000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2630577960.00007FFB0BC94000.00000020.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2630637059.00007FFB0BC96000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2630663082.00007FFB0BCB9000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2630678270.00007FFB0BCBE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2630678270.00007FFB0BCC4000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000003.00000002.2630678270.00007FFB0BCCB000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_put_error$Y_freeY_newY_set1_
                                                                                                                                                                                                                              • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                              • API String ID: 520254984-4238427508
                                                                                                                                                                                                                              • Opcode ID: bd464dee4de3cd23d81958046336a0d1af79ae9319f2322e60d4872f49853e5c
                                                                                                                                                                                                                              • Instruction ID: 3d457c015fc283646dee5d4b26d3bd92568462990d5af5c3c618900501d21c3f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bd464dee4de3cd23d81958046336a0d1af79ae9319f2322e60d4872f49853e5c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D2157A1B1C552A2F720DB35F400AAD6390FB88B84F444531DE8D87FA5DF3DE5528B04
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • bad marshal data (tuple size out of range), xrefs: 61CCB224
                                                                                                                                                                                                                              • NULL object in marshal data for tuple, xrefs: 61CCB463
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
• Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_OccurredTuple_
                                                                                                                                                                                                                              • String ID: NULL object in marshal data for tuple$bad marshal data (tuple size out of range)
                                                                                                                                                                                                                              • API String ID: 3674511531-3094253248
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fwrite
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3559309478-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcmp
                                                                                                                                                                                                                              • String ID: aes$name != NULL$src/misc/crypt/crypt_find_hash.c
                                                                                                                                                                                                                              • API String ID: 1004003707-455514378
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dealloc$Dict_$AppendErr_ItemList_Occurred
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 30499974-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Process$Free$Alloc$NetworkParams
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3483679945-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$FormatOccurred
                                                                                                                                                                                                                              • String ID: %s (%d:%d)
                                                                                                                                                                                                                              • API String ID: 4038069558-1595188566
                                                                                                                                                                                                                              • Opcode ID: f9610f2a25ef7a59d03c785dbc32e3411bb60fa61ebe9aa1fe774c1f4d94c1b2
                                                                                                                                                                                                                              • Instruction ID: 5922db436765376da80ba3c8fa6ec99c5cc121135d1323adbceffb0ae6774fd5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f9610f2a25ef7a59d03c785dbc32e3411bb60fa61ebe9aa1fe774c1f4d94c1b2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3341B172615780C6EB048BAFA4513AE7B71F786FD8F4D8025CE4E07B24EE29C942C741
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: signal
                                                                                                                                                                                                                              • String ID: CCG
                                                                                                                                                                                                                              • API String ID: 1946981877-1584390748
                                                                                                                                                                                                                              • Opcode ID: 99e9f4763ba3245d04afdfd965b8f3068407ec19efe5095d6deb2f451f5baa97
                                                                                                                                                                                                                              • Instruction ID: 0e6b50e8f1e7ad68c1b26515caa482bc998f57ec2cd29009131d19cb1f668d48
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 99e9f4763ba3245d04afdfd965b8f3068407ec19efe5095d6deb2f451f5baa97
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9131702070550586FA3543F944503E914629BEE3F8F1CCA39CAB9C73E5DF5D98F50222
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CC9E30
                                                                                                                                                                                                                              • PyUnicode_DecodeUTF8.PYTHON310 ref: 61CCA6FF
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • bad marshal data (string size out of range), xrefs: 61CCAEC5
                                                                                                                                                                                                                              • surrogatepass, xrefs: 61CCA6F5
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DecodeErr_OccurredUnicode_
                                                                                                                                                                                                                              • String ID: bad marshal data (string size out of range)$surrogatepass
                                                                                                                                                                                                                              • API String ID: 1138423624-4021928140
                                                                                                                                                                                                                              • Opcode ID: cfc3595712a3e096a524b85f8e51fede40032b7c15b336b64b3dc7db1e4364e0
                                                                                                                                                                                                                              • Instruction ID: b1f7c7e69a6263a6538a3478a02633f2ad3c7674fbe5c8b92e55900d957f3f71
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cfc3595712a3e096a524b85f8e51fede40032b7c15b336b64b3dc7db1e4364e0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9731B432246654C6EA15CF5AE44879E73A6FB95F95F0AC524CE0E07314FF38D88AC781
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$FetchFormatFromObject_RestoreWindowsstrerror
                                                                                                                                                                                                                              • String ID: %s (%d:%d)
                                                                                                                                                                                                                              • API String ID: 2858978339-1595188566
                                                                                                                                                                                                                              • Opcode ID: 986e9425b6669b90e83ec099073c66fd55e6c6553391f986e69974411f2f7ed9
                                                                                                                                                                                                                              • Instruction ID: 5217c873a75199fcbf04a77795d7ed3c7157475a3a7423297fcc6a547475c8ca
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 986e9425b6669b90e83ec099073c66fd55e6c6553391f986e69974411f2f7ed9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F421B072605B44C2EB008B69E8907DE7761FBCAF84F898026CE4E13364DE3EC846C381
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • NULL object in marshal data for object, xrefs: 61CCF57E
                                                                                                                                                                                                                              • XXX readobject called with exception set, xrefs: 61CCF54D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Occurred$FreeList_Mem_Stringfwrite
                                                                                                                                                                                                                              • String ID: NULL object in marshal data for object$XXX readobject called with exception set
                                                                                                                                                                                                                              • API String ID: 4281374468-3392712392
                                                                                                                                                                                                                              • Opcode ID: dc6df9b40210079467497c110de4b1396907f1b0b2f936bc6119ed9524df5a46
                                                                                                                                                                                                                              • Instruction ID: 7a2e8630803e4e962a94717a91c01f94859623866d17cb356d8c18b4c6caff74
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dc6df9b40210079467497c110de4b1396907f1b0b2f936bc6119ed9524df5a46
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7A219031205B40CAEB048FA5F84475E77A1FB95F88F188025DA8E47764EF3DC856C741
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • NULL object in marshal data for object, xrefs: 61CCF46E
                                                                                                                                                                                                                              • XXX readobject called with exception set, xrefs: 61CCF43D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Occurred$FreeList_Mem_Stringfwrite
                                                                                                                                                                                                                              • String ID: NULL object in marshal data for object$XXX readobject called with exception set
                                                                                                                                                                                                                              • API String ID: 4281374468-3392712392
                                                                                                                                                                                                                              • Opcode ID: 8d57ed226082482c3a2c1aeb7c31c0b4a1fae592a559b3213bae24a64d24d32e
                                                                                                                                                                                                                              • Instruction ID: b2b33b74236ffb2b8679ad53ec696ff2de2faa6f5c1e1399e8f2f2c9b21ea9ae
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8d57ed226082482c3a2c1aeb7c31c0b4a1fae592a559b3213bae24a64d24d32e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60118B31206A40D9FA059BA9F8447AE67B0FB89F88F1C8125DE4D42324FF3EC896C741
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61CCF108
                                                                                                                                                                                                                              • EOF read where not expected, xrefs: 61CCF127
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Mem_$FormatFreeMallocMemoryOccurredfread
                                                                                                                                                                                                                              • String ID: EOF read where not expected$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                                                              • API String ID: 28673812-3742967138
                                                                                                                                                                                                                              • Opcode ID: f5565295976b8d0e9911378bb928282a3e7fa7f9ff04086d046c3fae7b5c9962
                                                                                                                                                                                                                              • Instruction ID: ee696c1bbcf004c79bf2d6fe273efb4044477f8fb24a50038606dc243b3f587b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f5565295976b8d0e9911378bb928282a3e7fa7f9ff04086d046c3fae7b5c9962
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9D110430705A40C9EB144BFAEC947992362B789FD9F0C8221CD5D433A4EE2E8959C352
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61CCF1CB
                                                                                                                                                                                                                              • EOF read where not expected, xrefs: 61CCF1E7
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Mem_$FormatFreeMallocMemoryOccurredfread
                                                                                                                                                                                                                              • String ID: EOF read where not expected$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                                                              • API String ID: 28673812-3742967138
                                                                                                                                                                                                                              • Opcode ID: b686c1d27bde5cab8e1aeb4dc128f4ba9875edd9f7e429db6371fc7f12f23ca9
                                                                                                                                                                                                                              • Instruction ID: 7cc2239c7b38a7b75990796eb19132900b62758753b2f3d5eebbc1df96f49c75
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b686c1d27bde5cab8e1aeb4dc128f4ba9875edd9f7e429db6371fc7f12f23ca9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EE119231701540C6FA049BEAEC407892322A78AFE8F0C8225CD1D073E4EE3E8D55C381
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: callocfree
                                                                                                                                                                                                                              • String ID: in != NULL$key != NULL$key != NULL$ltc_mp.name != NULL$ltc_mp.name != NULL$size > 0$src/pk/rsa/rsa_import.c$src/pk/rsa/rsa_make_key.c
                                                                                                                                                                                                                              • API String ID: 306872129-2031961738
                                                                                                                                                                                                                              • Opcode ID: c0a3150551e138589425c658f5d8db749d264fa9f7b805cfee66ecb5cd0106df
                                                                                                                                                                                                                              • Instruction ID: 0151bc3ec68a4d056710fef589804edc2c38616b4d6783f1eabc269235cc0161
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c0a3150551e138589425c658f5d8db749d264fa9f7b805cfee66ecb5cd0106df
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B120A72208B81C6E7608F66E44479EB7B4F785BC8F148116EF8987B58EF79C495CB80
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • hash != NULL, xrefs: 61CDE5BE
                                                                                                                                                                                                                              • src/misc/crypt/crypt_register_hash.c, xrefs: 61CDE5B7
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcmp
                                                                                                                                                                                                                              • String ID: hash != NULL$src/misc/crypt/crypt_register_hash.c
                                                                                                                                                                                                                              • API String ID: 1475443563-1465673959
                                                                                                                                                                                                                              • Opcode ID: d2ceb6592125d6edbe34748161da828b04d998744f7ca786a42611a48647974a
                                                                                                                                                                                                                              • Instruction ID: 299f8286cc3b1fbab02f13aeb4ef8e37453e7965f2bd8d91847e6b1636a7153d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d2ceb6592125d6edbe34748161da828b04d998744f7ca786a42611a48647974a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2B619C72701B4486E750CB66E884B9EB7A8F744BC8F418125CF9987B50FF39E19AC350
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • src/misc/crypt/crypt_register_prng.c, xrefs: 61CDE80F
                                                                                                                                                                                                                              • prng != NULL, xrefs: 61CDE816
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcmp
                                                                                                                                                                                                                              • String ID: prng != NULL$src/misc/crypt/crypt_register_prng.c
                                                                                                                                                                                                                              • API String ID: 1475443563-58737364
                                                                                                                                                                                                                              • Opcode ID: 51f73355685b8cdd7501c1315a9cda5064aed90e240e2d9bc6618430435fcd6d
                                                                                                                                                                                                                              • Instruction ID: a86ad49dae76f4c3a739ebdc7036aac9fd4de47bca1c99acaac826aa483977a1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 51f73355685b8cdd7501c1315a9cda5064aed90e240e2d9bc6618430435fcd6d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA516E32710B9596E790CF52D9C8B9FBBA8FB48BC4F468025CF2983640EB34E159C711
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcmp
                                                                                                                                                                                                                              • String ID: name != NULL$src/misc/crypt/crypt_find_prng.c
                                                                                                                                                                                                                              • API String ID: 1004003707-2030105502
                                                                                                                                                                                                                              • Opcode ID: cc53707e9c0a7693929d3ae0d03d1013efb609465a4567c9a0196d7a117ec9c5
                                                                                                                                                                                                                              • Instruction ID: 6956a928aa1e8bd94b76c4cc5e940ac7dd490f7976a9855fe8bdba52e17ed856
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cc53707e9c0a7693929d3ae0d03d1013efb609465a4567c9a0196d7a117ec9c5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 88314031702546C9FF159AA39AD47FEA766AB45BC8F408120CF2A8B945FB24E107D320
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • name != NULL, xrefs: 61CDDEB8
                                                                                                                                                                                                                              • src/misc/crypt/crypt_find_cipher.c, xrefs: 61CDDEB1
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcmp
                                                                                                                                                                                                                              • String ID: name != NULL$src/misc/crypt/crypt_find_cipher.c
                                                                                                                                                                                                                              • API String ID: 1004003707-679692990
                                                                                                                                                                                                                              • Opcode ID: cd8908598153d0c7e152046bf9a905de07450af512f64240ef1d2a504e1d9607
                                                                                                                                                                                                                              • Instruction ID: 7a347d85db833161780adca2f769910e31a9449ee968256a2ea78c0337d2da7e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd8908598153d0c7e152046bf9a905de07450af512f64240ef1d2a504e1d9607
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E6312121B0268789FF15DA929AD47FE6765EF91BC8F01C1508F2A8BD84FB24D506C710
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ObjectSizeSys_Unicode_getenv
                                                                                                                                                                                                                              • String ID: LANG$PYARMOR_LANG$_PARLANG
                                                                                                                                                                                                                              • API String ID: 223123148-1822377752
                                                                                                                                                                                                                              • Opcode ID: 084834abde023e610e8cd6031b6826ba0d715a3312432c0e1c3af8454c7595a5
                                                                                                                                                                                                                              • Instruction ID: fc36031750c0e90e8f8e9085fbe6f4de4f2eba3975ff6abdacda3efa3ef88458
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 084834abde023e610e8cd6031b6826ba0d715a3312432c0e1c3af8454c7595a5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB51C0B26092E0C5EB02CBAF91903ADBFB3A742F85F4DC016CA9947355E729C895C352
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen
                                                                                                                                                                                                                              • String ID: 8$@$MD5$in != NULL$md != NULL$src/hashes/md5.c
                                                                                                                                                                                                                              • API String ID: 39653677-1219784974
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                              • String ID: mask != NULL$seed != NULL$src/pk/pkcs1/pkcs_1_mgf1.c
                                                                                                                                                                                                                              • API String ID: 2803490479-2931318352
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_new
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_lib.c$No ciphers enabled for max supported SSL/TLS version$n
                                                                                                                                                                                                                              • API String ID: 458078758-706774904
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DeallocStringmemmove$Bytes_Err_FromSize
                                                                                                                                                                                                                              • String ID: Unable to allocate output buffer.
                                                                                                                                                                                                                              • API String ID: 1583460924-2565006440
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyUnicode_FromKindAndData.PYTHON310 ref: 61CC9ED6
                                                                                                                                                                                                                              • PyErr_SetString.PYTHON310 ref: 61CCA927
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • EOF read where object expected, xrefs: 61CCA91A
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DataErr_FromKindStringUnicode_
                                                                                                                                                                                                                              • String ID: EOF read where object expected
                                                                                                                                                                                                                              • API String ID: 3898585613-3634523442
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • marshal data too short, xrefs: 61CC8D4C
                                                                                                                                                                                                                              • EOF read where object expected, xrefs: 61CC8CF9
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_S_string_to_doubleStringmemcpy
                                                                                                                                                                                                                              • String ID: EOF read where object expected$marshal data too short
                                                                                                                                                                                                                              • API String ID: 1651926552-3827827332
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_ctrlO_freeO_newO_s_fileR_put_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                              • API String ID: 2618924202-2723262194
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: String$Err_$AppendBytes_DeallocFromList_Size
                                                                                                                                                                                                                              • String ID: Unable to allocate output buffer.
                                                                                                                                                                                                                              • API String ID: 2547554596-2565006440
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fwrite
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3559309478-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fwrite$S_double_to_stringstrlen
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4243900985-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_peek_error
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3623038435-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: callocfree
                                                                                                                                                                                                                              • String ID: in != NULL$inlen != 0$public_key_len != NULL$src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
                                                                                                                                                                                                                              • API String ID: 306872129-3913984646
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_clear_flagsO_get_dataO_set_flagsO_set_retry_reason
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3836630899-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Eval_Thread$DeallocRestoreSave$Bytes_FromList_SizeString
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2275295419-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memmove$exit
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 987259897-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • BN_bin2bn.LIBCRYPTO-1_1(?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFB0BC6E140), ref: 00007FFB0BC70D3C
                                                                                                                                                                                                                              • BN_bin2bn.LIBCRYPTO-1_1(?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFB0BC6E140), ref: 00007FFB0BC70D59
                                                                                                                                                                                                                              • BN_bin2bn.LIBCRYPTO-1_1(?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFB0BC6E140), ref: 00007FFB0BC70D76
                                                                                                                                                                                                                              • BN_bin2bn.LIBCRYPTO-1_1(?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFB0BC6E140), ref: 00007FFB0BC70D8F
                                                                                                                                                                                                                              • X509_get0_pubkey.LIBCRYPTO-1_1(?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFB0BC6E140), ref: 00007FFB0BC70DCE
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: N_bin2bn$X509_get0_pubkey
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                              • API String ID: 3650846462-1507966698
                                                                                                                                                                                                                              • Opcode ID: fe50a2ecc3c8e04a7c1f821741a42b66c01268c629289436dbea9068b983fa2b
                                                                                                                                                                                                                              • Instruction ID: 092704fbf89bdc6362d083af07c4690bd6ceae61c5999206ebfdc1f1df6c139b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe50a2ecc3c8e04a7c1f821741a42b66c01268c629289436dbea9068b983fa2b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4C61C962A29B8156E7618B35E8049AEB790FB85784F04D135FECE96B65EF3CE1908700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • VirtualQuery failed for %d bytes at address %p, xrefs: 61D407C8
                                                                                                                                                                                                                              • Address %p has no image-section, xrefs: 61D407D9
                                                                                                                                                                                                                              • VirtualProtect failed with code 0x%x, xrefs: 61D4077A
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: QueryVirtual
                                                                                                                                                                                                                              • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                                                                                                                                                                                                                              • API String ID: 1804819252-2123141913
                                                                                                                                                                                                                              • Opcode ID: e3360d4c06574b5eea2f515d56ba30c5f06766eed3d493ec13c250ad1d72e7c1
                                                                                                                                                                                                                              • Instruction ID: f6900d4f7ef92b9adc2eb15d78f4fbf757fd8aafeec77a1343ecbd2e1f7b0831
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e3360d4c06574b5eea2f515d56ba30c5f06766eed3d493ec13c250ad1d72e7c1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E051D176711B4186EB118F65E8807DD77B2FB98BE4F18C225DE5A877A4DB38C442C740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • bad marshal data (unknown type code), xrefs: 61CCA517
                                                                                                                                                                                                                              • EOF read where object expected, xrefs: 61CC9E07
                                                                                                                                                                                                                              • recursion limit exceeded, xrefs: 61CCA53E
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                                              • String ID: EOF read where object expected$bad marshal data (unknown type code)$recursion limit exceeded
                                                                                                                                                                                                                              • API String ID: 1450464846-1585441539
                                                                                                                                                                                                                              • Opcode ID: 97990b93ec76f01c481a29309820d77bcf3efc69b58b3c3a0d30d8f7edfb43d1
                                                                                                                                                                                                                              • Instruction ID: a6c6e0d489ff8fdd65699c3ba8b44814556e03277ac077c74b6166bb0ea9a9fb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 97990b93ec76f01c481a29309820d77bcf3efc69b58b3c3a0d30d8f7edfb43d1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 68319E32204A84D1EB118B1DE8807ED37B1BB98B9DF459611DE4907374EF39C89AC351
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32 ref: 61D40375
                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 61D40380
                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 61D40389
                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 61D40391
                                                                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32 ref: 61D4039E
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                              • String ID: Jzkx;
                                                                                                                                                                                                                              • API String ID: 1445889803-166890614
                                                                                                                                                                                                                              • Opcode ID: e6fe8e715f36b92305f8865e5d64e7a76eb53a137695b293f4a5d4904744732b
                                                                                                                                                                                                                              • Instruction ID: 7fe22ee49643e842c2f244a8a0361d35afe0d873d50b104639b1058eaa2a56fe
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e6fe8e715f36b92305f8865e5d64e7a76eb53a137695b293f4a5d4904744732b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FE118C36655A5096FB108B65F80839A66A1B74C7B0F084670DE9D437A4EA3DC495C340
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • bad marshal data (bytes object size out of range), xrefs: 61CCAF13
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Bytes_Err_FromOccurredSizeStringmemcpy
                                                                                                                                                                                                                              • String ID: bad marshal data (bytes object size out of range)
                                                                                                                                                                                                                              • API String ID: 2675459810-66224825
                                                                                                                                                                                                                              • Opcode ID: 10ce5bc18453f0e0975be722a1f3b87c03ec3971229ce1b931d8cb73e9a5fe81
                                                                                                                                                                                                                              • Instruction ID: 5a8b052af42448d0df62f79ae26deaaf12a6c5602022c6da425243ec5e057af5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 10ce5bc18453f0e0975be722a1f3b87c03ec3971229ce1b931d8cb73e9a5fe81
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 69114C71346641C6DA14CB56D488B5E3366F795F89F0AC518CD0E07318FF38D889C781
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
• Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Number_$DeallocErr_InvertNegativePositiveString
                                                                                                                                                                                                                              • String ID: Invalid operator
                                                                                                                                                                                                                              • API String ID: 4031754375-2676212410
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _stat64$freemallocmemcpystrlen
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4289191721-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dict_Item$Eval_Globals
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 298195719-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Failed to alloc memory for spp code, xrefs: 61CD03BB
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocVirtualexitmemcpy
                                                                                                                                                                                                                              • String ID: Failed to alloc memory for spp code
                                                                                                                                                                                                                              • API String ID: 693558432-822294455
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CD0E94
                                                                                                                                                                                                                              • PyErr_GivenExceptionMatches.PYTHON310 ref: 61CD0ED6
                                                                                                                                                                                                                              • PyTuple_Size.PYTHON310 ref: 61CD0F83
                                                                                                                                                                                                                              • PyErr_SetString.PYTHON310 ref: 61CD0FF1
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • catching classes that do not inherit from BaseException is not allowed, xrefs: 61CD0FE5
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$DeallocExceptionGivenMatchesSizeStringTuple_
                                                                                                                                                                                                                              • String ID: catching classes that do not inherit from BaseException is not allowed
                                                                                                                                                                                                                              • API String ID: 1667255942-1287988286
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Arg_Buffer_Err_ParseReleaseSizeStringTuple_
                                                                                                                                                                                                                              • String ID: BrotliEncoderCompressStream failed while processing the stream$y*:process
                                                                                                                                                                                                                              • API String ID: 2872489292-243030088
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • No active exception to reraise, xrefs: 61CD145C
                                                                                                                                                                                                                              • local variable referenced before assignment, xrefs: 61CD147B
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Format$Occurred
                                                                                                                                                                                                                              • String ID: No active exception to reraise$local variable referenced before assignment
                                                                                                                                                                                                                              • API String ID: 1084603930-1116140797
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: sprintfstrlen
                                                                                                                                                                                                                              • String ID: ../src/platforms/windows/hdinfo.c$/%d:$No any serial number of harddisk got
                                                                                                                                                                                                                              • API String ID: 1090396089-4267867539
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyFunction_NewWithQualName.PYTHON310 ref: 61CD225C
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON310 ref: 61CD22E7
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DeallocFunction_NameQualWith
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2691592392-0
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: N != NULL$src/math/rand_prime.c
                                                                                                                                                                                                                              • API String ID: 0-3192267683
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
• Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProcstrlen
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2109734435-0
                                                                                                                                                                                                                              • Opcode ID: f2e846fb2c19a8523d0ca7eeedb091a186ec1a5d0f146ef45fe447df792cd647
                                                                                                                                                                                                                              • Instruction ID: 4a35bbdb5e5d2b9d7c81e8ca6d4bb91113a2a09e553d019872794171873e2b5f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f2e846fb2c19a8523d0ca7eeedb091a186ec1a5d0f146ef45fe447df792cd647
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6F110222751AD895EB009B66DC44BAD7B21FB8AF95F4CC021ED2D07351DE2CC802C301
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 61CC87F0: _PyFloat_Unpack8.PYTHON310 ref: 61CC8821
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CCA404
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CCA5CD
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_Occurred$Float_Unpack8
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3006406168-0
                                                                                                                                                                                                                              • Opcode ID: 501b29d1d3876e6448bb05cf927f858b29cca4c8a5f6e17b70dd6bb2755f4a3d
                                                                                                                                                                                                                              • Instruction ID: 700063acca4311d444a2fd7ae59b684fe26d229d725ecb24c1246fac8a45204f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 501b29d1d3876e6448bb05cf927f858b29cca4c8a5f6e17b70dd6bb2755f4a3d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A3118671646640C6E605CBA6D058B5F3376FBA6F85F16D209DD0A17224FF35DC82C782
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 61CC8C40: memcpy.MSVCRT ref: 61CC8C99
                                                                                                                                                                                                                                • Part of subcall function 61CC8C40: PyOS_string_to_double.PYTHON310 ref: 61CC8CAB
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CCA347
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CCA62D
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_Occurred$S_string_to_doublememcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 282781714-0
                                                                                                                                                                                                                              • Opcode ID: c92175cb6d05acbed655bdbcef24bb8094a85041decfb6504dfb460c26d3c054
                                                                                                                                                                                                                              • Instruction ID: 39158dc4696a97b758ac24358758e0424e49de78a4dd056024315e0b64323962
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c92175cb6d05acbed655bdbcef24bb8094a85041decfb6504dfb460c26d3c054
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A6118171646640C6E605CBA5C058B5F3366FBA6F85F06D605CE0A17220FF34DC82D782
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: abortfwrite
                                                                                                                                                                                                                              • String ID: '$illegal index register
                                                                                                                                                                                                                              • API String ID: 1067672060-451399654
                                                                                                                                                                                                                              • Opcode ID: d8045887cefa271ab4d95c9c88bb710ecd9ca9a72e7eb7164d5dd68a5b67e7d3
                                                                                                                                                                                                                              • Instruction ID: 245a7da7f567c917555c6a268769fb94b89fa592ec1747f1a8938a659fe2b8d3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d8045887cefa271ab4d95c9c88bb710ecd9ca9a72e7eb7164d5dd68a5b67e7d3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60916F7361AB85C4DB138F3EE891A4C7FA5E399F88B9AC112CA4C47B14CA7EC456C711
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Failed to alloc memory for bcc code, xrefs: 61CD04D7
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocVirtualfwritememcpy
                                                                                                                                                                                                                              • String ID: Failed to alloc memory for bcc code
                                                                                                                                                                                                                              • API String ID: 1603020442-783995166
                                                                                                                                                                                                                              • Opcode ID: 199a802a124f0dd70cb6bb3c104f8fb294057d05e5e58635235ee5b3f5035209
                                                                                                                                                                                                                              • Instruction ID: f9496922404758f1185bf47c97da41e61d4e8b8187d92ecdd8efba19aa8409af
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 199a802a124f0dd70cb6bb3c104f8fb294057d05e5e58635235ee5b3f5035209
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 43219AB2702B5486DB548F5AE881B6D7BA4F70DFD8F488526DF4D83754EA38C0A2C350
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_put_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                              • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                              • Opcode ID: 9d5941e97ec8f3985dd6b0ab3c94dbc12eaf10c5b908c9047e169af9a99035f8
                                                                                                                                                                                                                              • Instruction ID: 8934e019b6f09985a1c5f0f5aff2c893b60922d21ff143ab9feff22e73eb7708
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d5941e97ec8f3985dd6b0ab3c94dbc12eaf10c5b908c9047e169af9a99035f8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 373161B1A08B4296E778CF25E444BA97360FB84B84F588535EA8E87BB5CF3DD551C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • bad marshal data (string size out of range), xrefs: 61CCA67F
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$OccurredString
                                                                                                                                                                                                                              • String ID: bad marshal data (string size out of range)
                                                                                                                                                                                                                              • API String ID: 114435612-3115314950
                                                                                                                                                                                                                              • Opcode ID: 458014c8a6e3af0f62bfaed9ccb612366736837fab92ed0431f7c9052f3e7ec3
                                                                                                                                                                                                                              • Instruction ID: e73ae8f25f1755b4b96d63e83515f4e6ed0dc9f89379c68fc2a5a4eb5c18eff4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 458014c8a6e3af0f62bfaed9ccb612366736837fab92ed0431f7c9052f3e7ec3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B0119132206684C5EA128B59E4447AE73A1AB98F99F09C524CE4D07764FE38DCC9C781
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$String$Occurred
                                                                                                                                                                                                                              • String ID: bad marshal data (invalid reference)
                                                                                                                                                                                                                              • API String ID: 1118661901-2759865940
                                                                                                                                                                                                                              • Opcode ID: 16c5e58cc9f47daac184bdf30a1e0a24ba23ab9177b4635868d307f7b9b733bd
                                                                                                                                                                                                                              • Instruction ID: 6e982ceabedc4663d5d83811890827929e173cced57f00a71dca263827d6c6ce
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 16c5e58cc9f47daac184bdf30a1e0a24ba23ab9177b4635868d307f7b9b733bd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1E11E9B1211A41D6EA04CB6AD484B9E33B6F785F98F47D605CA1E07224EF39D8D9C741
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_LongLong_String
                                                                                                                                                                                                                              • String ID: Invalid lgblock$Invalid lgblock. Can be 0 or in range 16 to 24.
                                                                                                                                                                                                                              • API String ID: 568964304-2070589380
                                                                                                                                                                                                                              • Opcode ID: 98ac89e9ae3e119ae39c4b923ceb1be476487f23198bc6fec9af8334a5baf927
                                                                                                                                                                                                                              • Instruction ID: 18d7a26a73754738869a613121de4f2df3f0328c823c4fc3498e112715ff98a0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 98ac89e9ae3e119ae39c4b923ceb1be476487f23198bc6fec9af8334a5baf927
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 40F05EF2E0860382FB955775E454A782290FF58B45F94D431E85EC52B0EF5CE8D58700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_LongLong_String
                                                                                                                                                                                                                              • String ID: Invalid lgwin$Invalid lgwin. Range is 10 to 24.
                                                                                                                                                                                                                              • API String ID: 568964304-1865904581
                                                                                                                                                                                                                              • Opcode ID: 7bd72e1ab808d5623974b6b25a33f8bd190c734804e523a2af81955fbb258cdb
                                                                                                                                                                                                                              • Instruction ID: fc2e9ab460fd26d80ad253d9b4639581f0fed435e032bfc8f4ae2348c0fa3784
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7bd72e1ab808d5623974b6b25a33f8bd190c734804e523a2af81955fbb258cdb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7EF0A0F2E0860686EB559B75D494AB823A0EF58B50F94D031D90F8A670EF2CD8D9C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630220745.00007FFB0BA30000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630327470.00007FFB0BAF7000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630343984.00007FFB0BAF8000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_LongLong_String
                                                                                                                                                                                                                              • String ID: Invalid quality$Invalid quality. Range is 0 to 11.
                                                                                                                                                                                                                              • API String ID: 568964304-3078312006
                                                                                                                                                                                                                              • Opcode ID: bf0f2c2d88753ce6f75839a482aaea8b1615882223bf6accab7f266c8a4c0845
                                                                                                                                                                                                                              • Instruction ID: 7851304cf9b4c50d4efc10fb979f3690ef7e720543dd3bf73e31dc5d980e4645
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bf0f2c2d88753ce6f75839a482aaea8b1615882223bf6accab7f266c8a4c0845
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D2F065E2E09642C6F7559B75D49467823A0FF58B51F94D031D90ECA670EF2CD8D5C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630220745.00007FFB0BA30000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630327470.00007FFB0BAF7000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630343984.00007FFB0BAF8000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memmove$exit
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 987259897-0
                                                                                                                                                                                                                              • Opcode ID: 79d9dcba4dee088979e62e56151a7632dd868efc27c5ebe9eaf823a5f0b8b74d
                                                                                                                                                                                                                              • Instruction ID: 72e7098d96ab373355605f3c046c3c084b503f42a9f1a15147bc52f893a95398
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 79d9dcba4dee088979e62e56151a7632dd868efc27c5ebe9eaf823a5f0b8b74d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7DD17FB6609B8186DA24CB26E544B6EB3A5FB98BD0F059436CF9E47B58DF3CD0948700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630220745.00007FFB0BA30000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630327470.00007FFB0BAF7000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630343984.00007FFB0BAF8000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memmove$exit
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 987259897-0
                                                                                                                                                                                                                              • Opcode ID: 640fcf2c863d9de54116d5ac512887b9e22b6727d00535a97327216d7780aaef
                                                                                                                                                                                                                              • Instruction ID: cc689502220df48d77b48b2208a2330d2b30881481ba26bca586a334134aad36
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 640fcf2c863d9de54116d5ac512887b9e22b6727d00535a97327216d7780aaef
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5BD19DA6709B8186DE24CB2AE50876AB3A5FB98BC0F049439CF8E47B64DF3CD055C314
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630220745.00007FFB0BA30000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630327470.00007FFB0BAF7000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630343984.00007FFB0BAF8000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memmove$exit
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 987259897-0
                                                                                                                                                                                                                              • Opcode ID: 59702072734e8ad1273f19b6d99c79a4969c51d14cc5c672e670c6c0901996cd
                                                                                                                                                                                                                              • Instruction ID: 5cbbcaea6dd1ec59c336fb5387c1b439fc1c900f15ac6b87a4b213b2be44493c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 59702072734e8ad1273f19b6d99c79a4969c51d14cc5c672e670c6c0901996cd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B8D191B2709B8186DA258F26E54876AB7A5FB88BC0F049436DF8E57B68DF3CD450C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • log2.API-MS-WIN-CRT-MATH-L1-1-0(00000000,?,?,00007FFB0BA68FCA), ref: 00007FFB0BA6894A
                                                                                                                                                                                                                              • log2.API-MS-WIN-CRT-MATH-L1-1-0(00000000,?,?,00007FFB0BA68FCA), ref: 00007FFB0BA6898F
                                                                                                                                                                                                                              • log2.API-MS-WIN-CRT-MATH-L1-1-0(00000000,?,?,00007FFB0BA68FCA), ref: 00007FFB0BA689D4
                                                                                                                                                                                                                              • memmove.VCRUNTIME140(00000000,?,?,00007FFB0BA68FCA), ref: 00007FFB0BA68A95
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630220745.00007FFB0BA30000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630327470.00007FFB0BAF7000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630343984.00007FFB0BAF8000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: log2$memmove
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3336697533-0
                                                                                                                                                                                                                              • Opcode ID: 37c08e7e4291ae7c0fd9f5e7d1ae2ed9a98bb0acaa0912484a1cbda665e6c135
                                                                                                                                                                                                                              • Instruction ID: e163bb99d5f88e6820b502aca224ca0ab6b0a2b09fbe7561eacd524dd2b77570
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 37c08e7e4291ae7c0fd9f5e7d1ae2ed9a98bb0acaa0912484a1cbda665e6c135
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8EB1B8A2A19F8589D6128F38D0017BDB368FF99784F14D737DB8A66664DF3CA592C200
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • log2.API-MS-WIN-CRT-MATH-L1-1-0(00000000,?,?,00007FFB0BA6988A), ref: 00007FFB0BA6920A
                                                                                                                                                                                                                              • log2.API-MS-WIN-CRT-MATH-L1-1-0(00000000,?,?,00007FFB0BA6988A), ref: 00007FFB0BA6924F
                                                                                                                                                                                                                              • log2.API-MS-WIN-CRT-MATH-L1-1-0(00000000,?,?,00007FFB0BA6988A), ref: 00007FFB0BA69294
                                                                                                                                                                                                                              • memmove.VCRUNTIME140(00000000,?,?,00007FFB0BA6988A), ref: 00007FFB0BA69355
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630220745.00007FFB0BA30000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630327470.00007FFB0BAF7000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              • Associated: 00000003.00000002.2630343984.00007FFB0BAF8000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: log2$memmove
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3336697533-0
                                                                                                                                                                                                                              • Opcode ID: 1680cdc6a483d2b4af0fd29261cfd8d16fc7ddb78b32cb5b10661259ba284ebb
                                                                                                                                                                                                                              • Instruction ID: 5476be56390166f4c892d31dea424683be8ffd7a85b60791b8300be23b1103a3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1680cdc6a483d2b4af0fd29261cfd8d16fc7ddb78b32cb5b10661259ba284ebb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8DB1ABA2A18F8589D6128F38D1057BAB364FF9D784F14D336DB8E66661DF38D592C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
• Associated: 00000003.00000002.2630220745.00007FFB0BA30000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630327470.00007FFB0BAF7000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630343984.00007FFB0BAF8000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memmove$exitmemset
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2725257846-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
• Associated: 00000003.00000002.2630220745.00007FFB0BA30000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630327470.00007FFB0BAF7000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630343984.00007FFB0BAF8000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memset$exit
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2160831268-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
• Associated: 00000003.00000002.2630220745.00007FFB0BA30000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630327470.00007FFB0BAF7000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630343984.00007FFB0BAF8000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memmove$exitmemset
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2725257846-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
• Associated: 00000003.00000002.2630220745.00007FFB0BA30000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630327470.00007FFB0BAF7000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630343984.00007FFB0BAF8000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memmove$exitmemset
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2725257846-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
• Associated: 00000003.00000002.2630220745.00007FFB0BA30000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630327470.00007FFB0BAF7000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630343984.00007FFB0BAF8000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memmove$exitmemset
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2725257846-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
• Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Sleep_amsg_exit
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1015461914-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
• Associated: 00000003.00000002.2630220745.00007FFB0BA30000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630327470.00007FFB0BAF7000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000003.00000002.2630343984.00007FFB0BAF8000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memmove$exitmemset
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2725257846-0
                                                                                                                                                                                                                              • Opcode ID: a32b4bb5653312606587a6e74c96ac44aa3f345004107e7812205a3e2226a543
                                                                                                                                                                                                                              • Instruction ID: e85cee049bd0c4b9df168f62f1f88bb82bc2e8af7c8419eea43d9bde9895b253
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a32b4bb5653312606587a6e74c96ac44aa3f345004107e7812205a3e2226a543
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6741E1B2B0474186DA149E26E444A6AB355FB89BD0F49C239DEAE877E4DF3CE841C740
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • in != NULL, xrefs: 61CE28B9
                                                                                                                                                                                                                              • src/pk/asn1/der/sequence/der_decode_sequence_multi.c, xrefs: 61CE28B2
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: in != NULL$src/pk/asn1/der/sequence/der_decode_sequence_multi.c
                                                                                                                                                                                                                              • API String ID: 0-85593093
                                                                                                                                                                                                                              • Opcode ID: 5390f7802ef71949aa3a0cf05dea8c3b14533773d64808a5d6f4aa100e05040b
                                                                                                                                                                                                                              • Instruction ID: c6423a2cd50675e01ae8f8c802061b1ce9a25c3130784001f26a318f6107319f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5390f7802ef71949aa3a0cf05dea8c3b14533773d64808a5d6f4aa100e05040b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A310633714681CAEB25CF6AE424B5D3765F785BD8F588028EE4D47B58EB39C491CB00
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630577960.00007FFB0BC21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0BC20000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0bc20000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_find_typeO_get_data
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 280995463-0
                                                                                                                                                                                                                              • Opcode ID: ea4ae0ada7687b9278b86a77c40726f248b152b0eba2a9966a3d191204c08946
                                                                                                                                                                                                                              • Instruction ID: 4b3d14ed7a2f6b967a53fddd63265bef397439d6a090817a1a0a5ce48eb8c646
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ea4ae0ada7687b9278b86a77c40726f248b152b0eba2a9966a3d191204c08946
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF018051F0DA4262FA68976AE001B6962919F44BD0F08D030EE0FCBFAADE2DE8414300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 61CC87F0: _PyFloat_Unpack8.PYTHON310 ref: 61CC8821
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CCA2F0
                                                                                                                                                                                                                              • PyFloat_FromDouble.PYTHON310 ref: 61CCA5F4
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Float_$DoubleErr_FromOccurredUnpack8
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4123378784-0
                                                                                                                                                                                                                              • Opcode ID: adc10c1c1c7a10ac8db4f3d43ac0f240f06528aaff7345986a48d1d595e362b8
                                                                                                                                                                                                                              • Instruction ID: 285340b01a6d5069c4e9ae03c0154544d5630f9c6f63eaf4c6251691b139786f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: adc10c1c1c7a10ac8db4f3d43ac0f240f06528aaff7345986a48d1d595e362b8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6C012171246650C6E605DBA6C458B5F73A6FB95F85F0BD608DE0A07224FF34EC85C782
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 61CC8C40: memcpy.MSVCRT ref: 61CC8C99
                                                                                                                                                                                                                                • Part of subcall function 61CC8C40: PyOS_string_to_double.PYTHON310 ref: 61CC8CAB
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON310 ref: 61CCA4A4
                                                                                                                                                                                                                              • PyFloat_FromDouble.PYTHON310 ref: 61CCA654
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DoubleErr_Float_FromOccurredS_string_to_doublememcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1362591179-0
                                                                                                                                                                                                                              • Opcode ID: 1f6ed32d32fc598d43466fbde0f00dfe1b7339860388028654317f4caba24889
                                                                                                                                                                                                                              • Instruction ID: 03573d3ad62d192e44943cc2642d1dbc786ac132248e6333beb52e2d23d4f696
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1f6ed32d32fc598d43466fbde0f00dfe1b7339860388028654317f4caba24889
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79012171246200CAE605CFA6D458B5E33AAFB96F85F07D608CD1A07224FB34EC85CB82
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_FromLongLong_Occurred
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4098471257-0
                                                                                                                                                                                                                              • Opcode ID: 71677222d0491e34343a4c14b71c1dc1311d857c050d9e14bf58198066bcd62d
                                                                                                                                                                                                                              • Instruction ID: 62845deccd0d7689ac583c8e8f396f64a4567ca9aaab6d45b4cfc9023d217ce0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 71677222d0491e34343a4c14b71c1dc1311d857c050d9e14bf58198066bcd62d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9301F671346210C7EA08CBA6C458B1E32A7FB95F85F0AD518CE1A07214FE34EC84CB81
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2630220745.00007FFB0BA30000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2630327470.00007FFB0BAF7000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2630343984.00007FFB0BAF8000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: exitmemmove
                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                              • API String ID: 1790971451-2766056989
                                                                                                                                                                                                                              • Opcode ID: fb4b732d7ba2ad41e51b609ce057e87b5d2821d6290d3fdf268689399a755141
                                                                                                                                                                                                                              • Instruction ID: 66efb119e5f19baeff96b4fa6a49f4347c21b28aafe0b8d7c6bedb879f7b4000
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fb4b732d7ba2ad41e51b609ce057e87b5d2821d6290d3fdf268689399a755141
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 30B16CA6A09BC586DA20CF15E5087AAA364F788FC4F189136DF8E57B59DF3CD185C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2630220745.00007FFB0BA30000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2630327470.00007FFB0BAF7000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2630343984.00007FFB0BAF8000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: log2
                                                                                                                                                                                                                              • String ID: Tg]@
                                                                                                                                                                                                                              • API String ID: 4048861018-1367013573
                                                                                                                                                                                                                              • Opcode ID: 314978e01d248754fc8a1f8367cd94a51ede3c6cab710bddc8371ba00d0dbb51
                                                                                                                                                                                                                              • Instruction ID: 385e2edc0fed5852771fd30067dc38d416be9965ce3d2d66a567e63b9c346dc7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 314978e01d248754fc8a1f8367cd94a51ede3c6cab710bddc8371ba00d0dbb51
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0C411A32B15B498AD6118F76D000AADB661FF49B88F14C331EA4B67764DF39E293DA00
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_Format
                                                                                                                                                                                                                              • String ID: %s (%d:%d)
                                                                                                                                                                                                                              • API String ID: 376477240-1595188566
                                                                                                                                                                                                                              • Opcode ID: 8bb9e66f62ffad9c3a8cef4396e92e57eb793e3fc40e407dff63582044b2c1ee
                                                                                                                                                                                                                              • Instruction ID: 6e1d6c2cad211b87336ccf9ef658c5b849cb8a58b7bb7422177c192e7836fd7d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8bb9e66f62ffad9c3a8cef4396e92e57eb793e3fc40e407dff63582044b2c1ee
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56018F73A11654C5EB0197A9D8417CE37A1EBDAB88F8E8022CD5D173A1DF29C882D381
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • LTC_ARGCHK '%s' failure on line %d of file %s, xrefs: 61CDDD26
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627390328.0000000061CC0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627506339.0000000061D42000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627530224.0000000061D46000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627550788.0000000061D47000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627580629.0000000061D5F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627603165.0000000061D62000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627622916.0000000061D64000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2627643786.0000000061D68000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: __iob_funcabort
                                                                                                                                                                                                                              • String ID: LTC_ARGCHK '%s' failure on line %d of file %s
                                                                                                                                                                                                                              • API String ID: 1307436159-2823265812
                                                                                                                                                                                                                              • Opcode ID: eee2c708d95ff40d082ddd57311eec4aade1f3c95749b20481556c841b4ca3f1
                                                                                                                                                                                                                              • Instruction ID: 3363d6403771100e9ad16e3344740cbbfa7cbfe7b8c491d9f6609c4a2026166d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eee2c708d95ff40d082ddd57311eec4aade1f3c95749b20481556c841b4ca3f1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F5D0A774310B5AA1DB109B56AD04B9A6B71FBEEFDCF488010DD4D87F20AF25C12AC340
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2630238336.00007FFB0BA31000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFB0BA30000, based on PE: true
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2630220745.00007FFB0BA30000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2630277885.00007FFB0BA85000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2630327470.00007FFB0BAF7000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                               • Associated: 00000003.00000002.2630343984.00007FFB0BAF8000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffb0ba30000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_LongLong_String
                                                                                                                                                                                                                              • String ID: Invalid mode
                                                                                                                                                                                                                              • API String ID: 568964304-431149109
                                                                                                                                                                                                                              • Opcode ID: 2e3b143024fffb948b6d36cb644d747681586ed00adecaaa304b2e3236bd7830
                                                                                                                                                                                                                              • Instruction ID: 05fc9bff91d8fe279af515eb990bacc2c911fa71fa20addecd4c75bad408bdaf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e3b143024fffb948b6d36cb644d747681586ed00adecaaa304b2e3236bd7830
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 15F039E2E0464682F7556B75E494A7C2290EF58B52F989470D91ECAAB0DE2C98D68700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000003.00000002.2627421510.0000000061CC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61CC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_61cc0000_grass.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeavefree
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4020351045-0
                                                                                                                                                                                                                              • Opcode ID: f4c2441ccf2d4738d7350e9699d6bb5203064618e76d4b4ca1b291ef5726c35c
                                                                                                                                                                                                                              • Instruction ID: 39d0c2b2e777d498c4225076af6eacc6c7c098645c08f4264717fb5150523a81
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4c2441ccf2d4738d7350e9699d6bb5203064618e76d4b4ca1b291ef5726c35c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CF012171316651C6EB08CBA5E8D13A523B2F788BC0F989425C95DC7364EF3AE4B5C380